Multiple Vulnerabilities in Redis


Two security advisories have been released to address two vulnerabilities in Redis. Redis is a popular in-memory key-value database that persists on disk.

CVE-2024-46981 is a ‘use after free’ vulnerability with a CVSSv3 score of 7.0. If exploited, an authenticated attacker could use a specially crafted Lua script to achieve remote code execution. CVE-2024-51741 is an ‘improper input validation’ vulnerability with a CVSSv3 score of 4.4.

Read more…
Source: NHS Digital


Sign up for our Newsletter


Related:

  • SynAck ransomware group releases decryption keys as they rebrand to El_Cometa

    August 13, 2021

    The SynAck ransomware gang has released decryption keys for victims that were infected between July 2017 and 2021, according to data obtained by The Record. SynAck is in the process of rebranding itself as the El_Cometa ransomware gang, and a member of the old group gave the keys to The Record. Emsisoft’s Michael Gillespie confirmed the veracity ...

  • Microsoft Warns: Another Unpatched PrintNightmare Zero-Day

    August 12, 2021

    One day after dropping its scheduled August Patch Tuesday update, Microsoft issued a warning about yet another unpatched privilege escalation/remote code-execution (RCE) vulnerability in the Windows Print Spooler. The zero-day bug, tracked as CVE-2021-36958, carries a CVSS vulnerability-severity scale rating of 7.3, meaning that it’s rated as “important.” Microsoft said that it allows for a local ...

  • IT threat evolution Q2 2021

    August 12, 2021

    It is quite common for Chinese-speaking threat actors to share tools and methodologies: one such example is the infamous “DLL side-loading triad”: a legitimate executable, a malicious DLL to be side-loaded by it and an encoded payload, generally dropped from a self-extracting archive. This was first thought to be a signature of LuckyMouse, but we ...

  • Notorious AlphaBay darknet market comes back to life

    August 12, 2021

    The AlphaBay darkweb market has come back to life after an administrator of the original project relaunched it over the weekend. At the same time, the admin announced plans for setting up a platform for darknet markets to set up shop with a strong focus on anonymity. Read more… Source: Bleeping Computer  

  • Cryptocurrency heist hacker returns $260m in funds

    August 12, 2021

    The hacker behind one of the largest cryptocurrency heists to date has returned almost half of the $600m (£433m) stolen assets. On Tuesday, the firm affected, Poly Network wrote a letter on Twitter, asking the individual to get in touch “to work out a solution”. The hacker then posted messages pledging to return funds, claiming to be ...

  • New AdLoad malware variant slips through Apple’s XProtect defenses

    August 11, 2021

    A new AdLoad malware variant is slipping through Apple’s YARA signature-based XProtect built-in antivirus to infect Macs as part of multiple campaigns tracked by cybersecurity firm SentinelOne. AdLoad is a widespread trojan targeting the macOS platform since at least since late 2017 and used to deploy various malicious payloads, including adware and Potentially Unwanted Applications (PUAs), Read ...