Xint Code

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 **Description** An externally-controlled format string in the `timeofday()` function allows an attacker to retrieve portions of server memory by using crafted timezone zones. **Recommendations** Update to version 18.4 or later. Update to version 17.10 or later. Update to version 16.14 or later. Update to version 15.18 or later. Update to version 14.23 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.9 iPadOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Sequoia versions prior to 15.7.7 macOS Sonoma versions prior to 14.8.7 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 visionOS versions prior to 26.5 watchOS versions prior to 26.5 **Description** An out-of-bounds write issue exists due to insufficient input validation. This flaw allows an application to write to kernel memory or cause unexpected system termination. **Recommendations** Update iOS to version 18.7.9 Update iPadOS to version 18.7.9 Update iOS to version 26.5 Update iPadOS to version 26.5 Update macOS Sequoia to version 15.7.7 Update macOS Sonoma to version 14.8.7 Update macOS Tahoe to version 26.5 Update tvOS to version 26.5 Update visionOS to version 26.5 Update watchOS to version 26.5

**Name of the Vulnerable Software and Affected Versions** redis-server versions 7.2.0 through 8.6.2 **Description** A use-after-free issue exists in the unblock client flow of the in-memory data structure store. The flaw occurs because the system does not handle an error return from the `processCommandAndResetClient()` function when re-executing a blocked command. If a blocked client is evicted during this process, an authenticated attacker can trigger the use-after-free condition. This can be exploited through a three-stage chain: using a Lua script to leak a heap pointer, grooming client memory to reclaim a freed slot with a fake client structure, and overwriting a function pointer in the Global Offset Table to redirect a string function to `system()`. This allows the attacker to execute arbitrary OS commands on the host server. It is estimated that Redis runs in approximately 75% of cloud environments, many of which operate without passwords, potentially lowering the barrier for authentication. **Recommendations** Update redis-server to version 8.6.3. As a temporary workaround, disable Lua scripting entirely to break the first stage of the exploit chain. Restrict Redis access to trusted networks and avoid exposing it directly to the internet. Tighten Access Control Lists (ACLs) so that no single role possesses both `u/admin` and `u/scripting` permissions simultaneously.

**Name of the Vulnerable Software and Affected Versions** WebFlux server application (affected versions not specified) **Description** A WebFlux server application that processes multipart requests creates temporary files for parts larger than 10 K. Under certain conditions, these temporary files may not be deleted after the request is fully processed, which allows an attacker to consume available disk space. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.