1C239C43F521145Fa8385D64A9C32243

**Name of the Vulnerable Software and Affected Versions** Novell eDirectory versions 8.8.5 through 8.8.5.5 Novell eDirectory versions 8.8.6 through 8.8.6.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in the system hanging, by sending a malformed request to the NCP service. This can be achieved by sending a malformed FileSetLock request to port 524. **Recommendations** For Novell eDirectory versions 8.8.5 through 8.8.5.5, update to version 8.8.5.6 or later. For Novell eDirectory versions 8.8.6 through 8.8.6.1, update to version 8.8.6.2 or later.

**Name of the Vulnerable Software and Affected Versions** Oracle Fusion Middleware versions 2.0.1.0 through 2.0.1.3 **Description** The issue affects confidentiality, integrity, and availability. It is related to the handling of null bytes in the `evaluation` parameter used in a filename, potentially allowing attackers to create a file with an executable extension and execute arbitrary JSP code via unknown vectors. **Recommendations** For versions 2.0.1.0 through 2.0.1.3, consider restricting access to the `voice-servlet` component until a patch is available. As a temporary workaround, avoid using the `evaluation` parameter in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.