Two security advisories have been released to address two vulnerabilities in Redis. Redis is a popular in-memory key-value database that persists on disk.
CVE-2024-46981 is a ‘use after free’ vulnerability with a CVSSv3 score of 7.0. If exploited, an authenticated attacker could use a specially crafted Lua script to achieve remote code execution. CVE-2024-51741 is an ‘improper input validation’ vulnerability with a CVSSv3 score of 4.4.
Read more…
Source: NHS Digital
Related:
- RECON bug lets hackers create admin accounts on SAP servers
July 14, 2020
Business giant SAP released a patch today for a major vulnerability that impacts the vast majority of its customers. The bug, codenamed RECON, exposes companies to easy hacks, according to cloud security firm Onapsis, who discovered the vulnerability earlier this year, in May, and reported it to SAP to have it patched. Onapsis says RECON allows malicious ...
- Critical DNS Bug Opens Windows Servers to Infrastructure Hijacking
July 14, 2020
A critical Microsoft Windows Server bug opens company networks to hackers, allowing them to potentially seize control of IT infrastructures. Microsoft issued a patch for the bug on Tuesday as part of its July Patch Tuesday roundup. It turns out that the bug is 17 years old. Impacted are Windows Server versions from 2003-2019. The bug, ...
- Hacker breaches security firm in act of revenge
July 13, 2020
A hacker claims to have breached the backend servers belonging to a US cyber-security firm and stolen information from the company’s “data leak detection” service. The hacker says the stolen data includes more than 8,200 databases containing the information of billions of users that leaked from other companies during past security breaches. The databases have been collected inside DataViper, a ...
- Zoom Zero-Day Allows RCE, Patch on the Way
July 10, 2020
A newly discovered bug in the Zoom Client for Windows could allow remote code-execution, according to researchers at 0patch, which disclosed the existence of the flaw on Thursday after pioneering a proof-of-concept exploit for it. The issue was confirmed for Threatpost by a Zoom spokesperson. The 0patch team said that the vulnerability is present in any ...
- Microsoft Warns on OAuth Attacks Against Cloud App Users
July 9, 2020
Against the backdrop of widespread remote working and the increased use of collaboration apps, attackers are ramping up application-based attacks that exploit OAuth 2.0, Microsoft is warning. OAuth is an open standard for access delegation, commonly used as a way for people to sign into services without entering a password — using signed-in status on another, ...
- Evilnum hackers use the same malware supplier as FIN6, Cobalt
July 9, 2020
Hackers in the Evilnum group have developed a toolset that combines custom malware, legitimate utilities, and tools bought from a malware-as-a-service (MaaS) provider that caters to big fintech threat actors. The group has been active since at least 2018 and focuses on companies from the financial technology sector that offer trading and investment platforms. Its targets are ...

