Daniel Firer

**Name of the Vulnerable Software and Affected Versions** RedisBloom versions prior to 2.8.20 **Description** RedisBloom, a probabilistic data structures module for Redis, fails to properly validate serialized values processed via the 'RESTORE' command. An authenticated attacker with permissions to execute 'RESTORE' on a server where the module is loaded can provide a crafted serialized payload to trigger invalid memory access, which may result in remote code execution. **Recommendations** Update to version 2.8.20. Restrict access to the 'RESTORE' command using ACL rules as a temporary workaround.

**Name of the Vulnerable Software and Affected Versions** Galaxy Wearable versions prior to 2.2.68 **Description** A flaw exists in Galaxy Wearable when installed on non-Samsung devices due to improper handling of insufficient permissions. This can allow a local attacker to access sensitive information. **Recommendations** Update Galaxy Wearable to version 2.2.68 or later.

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions prior to 18.2 PostgreSQL versions prior to 17.8 PostgreSQL versions prior to 16.12 PostgreSQL versions prior to 15.16 PostgreSQL versions prior to 14.21 **Description** A lack of input type validation within the selectivity estimator function of the PostgreSQL intarray extension can allow an attacker to execute arbitrary code as the operating system user running the database. The issue resides in the intarray extension. **Recommendations** Update to PostgreSQL version 18.2 or later. Update to PostgreSQL version 17.8 or later. Update to PostgreSQL version 16.12 or later. Update to PostgreSQL version 15.16 or later. Update to PostgreSQL version 14.21 or later.