Multiple Vulnerabilities in Redis


Two security advisories have been released to address two vulnerabilities in Redis. Redis is a popular in-memory key-value database that persists on disk.

CVE-2024-46981 is a ‘use after free’ vulnerability with a CVSSv3 score of 7.0. If exploited, an authenticated attacker could use a specially crafted Lua script to achieve remote code execution. CVE-2024-51741 is an ‘improper input validation’ vulnerability with a CVSSv3 score of 4.4.

Read more…
Source: NHS Digital


Sign up for our Newsletter


Related:

  • mHealth Apps Expose Millions to Cyberattacks

    February 12, 2021

    Some 23 million mobile health (mHealth) application users are exposed to application programming interface (API) attacks that could expose sensitive information, according to researchers. Generally speaking, APIs are an intermediary between applications that defines how they can talk to one another and allowing them to swap information. Researcher Alissa Knight with Approov tried to break into ...

  • Copycat researchers imitate supply chain attack that hit tech giants

    February 12, 2021

    This week, over 150 new packages have been published to the npm open-source repository named after private components being internally used by major companies. These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who had recently managed to infiltrate over major 35 tech firms and walk away with over six-figures ...

  • Yandex said it caught an employee selling access to users’ inboxes

    February 12, 2021

    Russian search engine and email provider Yandex said today that it caught one of its employees selling access to user email accounts for personal gains. The company, which did not disclose the employee’s name, said the person was “one of three system administrators with the necessary access rights to provide technical support” for its Yandex.Mail service. The ...

  • Singtel, QIMR Berghofer report Accellion-related data breaches

    February 11, 2021

    Singtel and the QIMR Berghofer Medical Research Institute are the latest companies to disclose data breaches caused by a vulnerability in the Accellion FTA secure file transfer software. Accellion is a developer of secure file transfer products that allow organizations to transfer sensitive files with people outside of their organization. In mid-December, Accellion announced that they became ...

  • Android spyware strains linked to state-sponsored Confucius threat group

    February 11, 2021

    Two variants of Android spyware connected to pro-India, state-sponsored hacking campaigns have been discovered. On Tuesday, cybersecurity firm Lookout said that two malware strains, dubbed Hornbill and SunBird, have been linked to Confucius, an advanced persistent threat (APT) group thought to be state-sponsored and to have pro-India ties. First detected in 2013, Confucius has been linked to ...

  • Avaddon ransomware fixes flaw allowing free decryption

    February 11, 2021

    The Avaddon ransomware gang has fixed a bug that let victims recover their files without paying the ransom. The flaw came to light after a security researcher exploited it to create a decryptor. On Tuesday, Javier Yuste, a Ph.D. student at Rey Juan Carlos University, published a decryptor for the Avaddon Ransomware on his GitHub page ...