Multiple Vulnerabilities in Redis


Two security advisories have been released to address two vulnerabilities in Redis. Redis is a popular in-memory key-value database that persists on disk.

CVE-2024-46981 is a ‘use after free’ vulnerability with a CVSSv3 score of 7.0. If exploited, an authenticated attacker could use a specially crafted Lua script to achieve remote code execution. CVE-2024-51741 is an ‘improper input validation’ vulnerability with a CVSSv3 score of 4.4.

Read more…
Source: NHS Digital


Sign up for our Newsletter


Related:

  • Adventures in MQTT Part II: Identifying MQTT Brokers in the Wild

    November 18, 2020

    The use of publicly accessible MQTT brokers is prevalent across numerous verticals and technology fields. I was able to identify systems related to energy production, hospitality, finance, healthcare, pharmaceutical manufacturing, building management, surveillance, workplace safety, vehicle fleet management, shipping, construction, natural resource management, agriculture, smart homes and far more. Hackers have been sounding alarms about this ...

  • APT10: Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign

    November 17, 2020

    A large-scale attack campaign is targeting multiple Japanese companies, including subsidiaries located in as many as 17 regions around the globe in a likely intelligence-gathering operation. Companies in multiple sectors are targeted in this campaign, including those operating in the automotive, pharmaceutical, and engineering sector, as well as managed service providers (MSPs). The scale and sophistication of ...

  • More than 200 systems infected by new Chinese APT ‘FunnyDream’

    November 17, 2020

    A new Chinese state-sponsored hacking group (also known as an APT) has infected more than 200 systems across Southeast Asia with malware over the past two years. The malware infections are part of a widespread cyber-espionage campaign carried out by a group named FunnyDream, according to a new report published today by security firm Bitdefender. The attacks ...

  • Information Leakage in AWS Resource-Based Policy APIs

    November 17, 2020

    Unit 42 researchers discovered a class of Amazon Web Services (AWS) APIs that can be abused to leak the AWS Identity and Access Management (IAM) users and roles in arbitrary accounts. Researchers confirmed that 22 APIs across 16 different AWS services could be abused the same way and the exploit works across all three AWS ...

  • Cybercriminal ‘Cloud of Logs’ – The Emerging Underground Business of Selling Access to Stolen Data

    November 16, 2020

    In this latest research by the Trend Micro Forward-Looking Threat Research (FTR) team, we take a closer look at an emerging underground market that is driven by malicious actors who sell access to troves of stolen data, frequently advertised in the underground as “clouds of logs.” This underground market affects not just users whose credentials ...

  • Scams Ramp Up Ahead of Black Friday Cybercriminal Craze

    November 16, 2020

    The number of online holiday shoppers this year is expected to skyrocket due to the pandemic – and consequently, consumers can expect an onslaught of scams, phishing attacks and other malicious activities. The risk of infection is driving consumers to shop from the safety of their homes, rather than venture out into stores. In fact, a ...