Multiple Vulnerabilities in Redis


Two security advisories have been released to address two vulnerabilities in Redis. Redis is a popular in-memory key-value database that persists on disk.

CVE-2024-46981 is a ‘use after free’ vulnerability with a CVSSv3 score of 7.0. If exploited, an authenticated attacker could use a specially crafted Lua script to achieve remote code execution. CVE-2024-51741 is an ‘improper input validation’ vulnerability with a CVSSv3 score of 4.4.

Read more…
Source: NHS Digital


Sign up for our Newsletter


Related:

  • NVIDIA DLSS source code leaked as part of cyberattack

    March 2, 2022

    The attack on NVIDIA continues, this time with an alleged leak of the source code for the company’s DLSS tech. A ransomware group known as Lapsus has allegedly shared NVIDIA’s DLSS source code as part of a cyberattack. The group has demanded that NVIDIA remove mining limitations from RTX 30-series graphics cards. The leaked DLSS source code ...

  • Conti ransomware group’s source code leaked

    March 2, 2022

    Infamous ransomware group Conti is now the target of cyberattacks in the wake of its announcement late last week that it fully supports Russia’s ongoing invasion of neighboring Ukraine, with the latest hit being the leaking of its source code for the public to see. This disclosure comes just days after an archive leaked containing more ...

  • SMS PVA Part 3: Countries Most Impacted by Service

    March 2, 2022

    Part two of our blog entry discussed the impacts and implications of SMS PVA services. The article also explored how these services work by using Carousell as an example. Moreover, it discussed the “benefits” of SMS PVA services to cybercriminals. In the final installation of our series, we’ll discuss relevant statistics and recommendations to mitigate the ...

  • TeaBot Android Banking Trojan continues its global conquest with new upgrades

    March 2, 2022

    The TeaBot Remote Access Trojan (RAT) has been upgraded, leading to a huge increase in both targets and spread worldwide. On March 1, the Cleafy research team said TeaBot now targets over 400 applications, pivoting from an earlier focus on “smishing” to more advanced tactics. Smishing attacks are used to compromise mobile handsets via spam text messages ...

  • DDoS attackers have found this new trick to knock over websites

    March 2, 2022

    Distributed denial of service (DDoS) attackers are using a new technique to knock websites offline by targeting vulnerable ‘middleboxes’, such as firewalls, to amplify junk traffic attacks. Amplification attacks are nothing new and have helped attackers knock over servers with short busts of traffic as high as 3.47 Tbps. Microsoft last year mitigated attacks on this ...

  • Hackers Become the Hacked: Anonymous’ Site Taken Down Following Declaration of ‘Cyberwar’ on Russia

    March 1, 2022

    The Anonymous hacker collective began attacking the Russian segment of the internet Friday in connection with the situation in Ukraine, targeting websites of Russian businesses, media, the military and various government agencies. A hacking group called Killnet claims to have brought down a key website affiliated with Anonymous, as well as the neo-Nazi Ukrainian Right Sector ...