Multiple Vulnerabilities in Redis


Two security advisories have been released to address two vulnerabilities in Redis. Redis is a popular in-memory key-value database that persists on disk.

CVE-2024-46981 is a ‘use after free’ vulnerability with a CVSSv3 score of 7.0. If exploited, an authenticated attacker could use a specially crafted Lua script to achieve remote code execution. CVE-2024-51741 is an ‘improper input validation’ vulnerability with a CVSSv3 score of 4.4.

Read more…
Source: NHS Digital


Sign up for our Newsletter


Related:

  • Mystery of alleged Chinese hack on eve of Ukraine invasion

    April 7, 2022

    Allegations of Chinese cyber activity as the recent conflict broke out in Ukraine have been emerging. The details appear unusually murky but one Western intelligence official believes the aim was espionage – and the cyber-attack may have been broader than previously reported. The Times first reported that hackers, alleged to be based in China, began targeting Ukrainian ...

  • A Bad Luck BlackCat

    April 7, 2022

    In early December 2021, a new ransomware actor started advertising its services on a Russian underground forum. They presented themselves as ALPHV, a new generation Ransomware-as-a-Service (RaaS) group. Shortly afterwards, they dialed up their activity, infecting numerous corporate victims around the world. The group is also known as BlackCat. One of the biggest differences from other ...

  • Israeli officials are being catfished by APT-C-23 hackers

    April 7, 2022

    High-ranking Israeli officials are being catfished in a new cyberespionage campaign launched by APT-C-23. AridViper, also known as APT-C-23, Desert Falcon, and Two-tailed Scorpion, is a politically-driven advanced persistent threat (APT) group active in the Middle East. In the past, AridViper has conducted spear-phishing attacks against Palestinian law enforcement, military, and educational establishments, as well as the ...

  • Android apps with 45 million installs used data harvesting SDK

    April 7, 2022

    Mobile malware analysts warn about a set of applications available on the Google Play Store, which collected sensitive user data from over 45 million installs of the apps. The apps collected this data through a third-party SDK that includes the ability to capture clipboard content, GPS data, email addresses, phone numbers, and even the user’s modem ...

  • Demand for cyber threat intel growing, White House official says

    April 6, 2022

    Private sector companies are increasingly asking the federal government for cyber threat intelligence as they seek to shore up their defenses against growing online threats, a White House cyber official told lawmakers on Wednesday. Robert Knake, a U.S. official in charge of budget and policy at the White House’s Office of the National Cyber Director, told ...

  • Conti gang is still in business, despite its own massive data leak

    April 6, 2022

    The Conti ransomware gang is still actively running campaigns against victims around the world, despite the inner workings of the group being revealed by data leaks. One of the most prolific ransomware groups of the last year, Conti has encrypted networks of hospitals, businesses, government agencies and more – in many cases, receiving a significant ransom ...