Multiple Vulnerabilities in Redis


Two security advisories have been released to address two vulnerabilities in Redis. Redis is a popular in-memory key-value database that persists on disk.

CVE-2024-46981 is a ‘use after free’ vulnerability with a CVSSv3 score of 7.0. If exploited, an authenticated attacker could use a specially crafted Lua script to achieve remote code execution. CVE-2024-51741 is an ‘improper input validation’ vulnerability with a CVSSv3 score of 4.4.

Read more…
Source: NHS Digital


Sign up for our Newsletter


Related:

  • Fortinet fixes bug letting unauthenticated hackers run code as root

    July 20, 2021

    Fortinet has released updates for its FortiManager and FortiAnalyzer network management solutions to fix a serious vulnerability that could be exploited to execute arbitrary code with the highest privileges. Both FortiManager and FortiAnalyzer are enterprise-grade network management solutions for environments with up to 100,000 devices. They are available as a physical appliance, as a virtual machine, ...

  • Law firm Campbell Conroy & O’Neil warned clients of ransomware data breach

    July 20, 2021

    Law firm Campbell Conroy & O’Neil has warned of a breach from late February which may have exposed data from the company’s lengthy client list of big-name corporations including Apple and IBM. The breach, which was discovered on 27 February 2021 when a ransomware infection blocked access to selected files on the company’s internal systems, has ...

  • TeamTNT Campaigns Emphasize Importance of Addressing Cloud Security Gaps

    July 20, 2021

    Having covered TeamTNT in several of our blog entries over the past couple of years, we embarked on a research that encompasses the malicious actor group’s campaigns, tools, and techniques in 2020 and early 2021. Although believed to have been active since 2011, TeamTNT stayed under the radar for many years before exploding onto the scene ...

  • Safeguarding Critical Infrastructure Against Threats From The People’s Republic Of China

    July 19, 2021

    As today’s announcement from the White House indicates, the cyber threat from the People’s Republic of China (PRC) continues to evolve and poses a real risk to the nation’s critical infrastructure, as well as businesses and organization of all sizes at home and around the world. CISA regularly shares actionable information to help security professionals ...

  • Saudi Aramco data breach sees 1 TB stolen data for sale

    July 19, 2021

    Attackers have stolen 1 TB of proprietary data belonging to Saudi Aramco and are offering it for sale on the darknet. The Saudi Arabian Oil Company, better known as Saudi Aramco, is one of the largest public petroleum and natural gas companies in the world. The oil giant employs over 66,000 employees and brings in almost $230 ...

  • iPhones running latest iOS hacked to deploy NSO Group spyware

    July 19, 2021

    Human rights non-governmental organization Amnesty International and non-profit project Forbidden Stories revealed in a recent report that they found spyware made by Israeli surveillance firm NSO Group deployed on iPhones running Apple’s latest iOS release, hacked using zero-day zero-click iMessage exploits. “Amnesty International has observed evidence of compromise of the iPhone XR of an Indian journalist ...