0Xfoxone

**Name of the Vulnerable Software and Affected Versions** LibRaw (affected versions not specified) **Description** The issue is an out-of-bounds read vulnerability within the `LibRaw::parseSonySRF()` function when processing srf files. This occurs in the file `librawsrcmetadatasony.cpp`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibRaw (affected versions not specified) **Description** The issue is related to a memory corruption problem in the `crxFreeSubbandData()` function, located in `librawsrcdecoderscrx.cpp`, which occurs when processing cr3 files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle Outside In Technology version 8.5.5 Description: The issue affects the Oracle Outside In Technology product, a suite of software development kits (SDKs), allowing an unauthenticated attacker with network access via HTTP to compromise the technology. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Recommendations: For version 8.5.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle Outside In Technology version 8.5.5 Description: The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology, resulting in the ability to cause a hang or frequently repeatable crash of the system. Outside In Technology is a suite of software development kits, and the protocol depends on the software that uses it. Successful attacks can lead to unauthorized disruption of service. Recommendations: For Oracle Outside In Technology version 8.5.5, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting network access to the affected system to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Oracle Outside In Technology version 8.5.5 Description: The issue affects the Oracle Outside In Technology product, a suite of software development kits (SDKs), allowing an unauthenticated attacker with network access via HTTP to compromise the technology. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Recommendations: For version 8.5.5, update to a newer version that contains a fix for this issue to prevent potential exploitation.

Name of the Vulnerable Software and Affected Versions: Oracle Outside In Technology version 8.5.5 Description: The issue affects the Oracle Outside In Technology product, a suite of software development kits (SDKs), allowing an unauthenticated attacker with network access via HTTP to compromise the technology. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Recommendations: For version 8.5.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle Outside In Technology version 8.5.5 Description: The issue affects the Oracle Outside In Technology product, a suite of software development kits (SDKs), allowing an unauthenticated attacker with network access via HTTP to compromise the technology. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Recommendations: For version 8.5.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle Outside In Technology version 8.5.5 Description: The issue affects the Oracle Outside In Technology product, a suite of software development kits (SDKs), allowing an unauthenticated attacker with network access via HTTP to compromise the technology. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Recommendations: For version 8.5.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle Outside In Technology version 8.5.5 Description: The issue affects the Oracle Outside In Technology product, a suite of software development kits (SDKs), allowing an unauthenticated attacker with network access via HTTP to compromise the technology. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Recommendations: For version 8.5.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle Outside In Technology version 8.5.5 Description: The issue affects the Oracle Outside In Technology product, a suite of software development kits (SDKs), allowing an unauthenticated attacker with network access via HTTP to compromise the technology. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Recommendations: For version 8.5.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Outside In Technology version 8.5.5 **Description** The issue is related to insufficient input validation in the Outside In Filters component of Oracle Outside In Technology, a suite of software development kits (SDKs). This can be exploited by an unauthenticated attacker with network access via HTTP, potentially leading to unauthorized actions such as causing a hang or crash of Oracle Outside In Technology, or gaining unauthorized access to modify, delete, or read critical data. The impact depends on how the software using Outside In Technology handles network data. **Recommendations** For version 8.5.5, consider restricting network access to the Outside In Technology component until a fix is available, or apply configuration changes that limit the potential impact of the issue, such as validating and sanitizing all input data before it is processed by the Outside In Filters component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Outside In Technology version 8.5.5 **Description** The issue exists due to insufficient input validation in the Outside In Filters component of Oracle Outside In Technology, a suite of software development kits (SDKs). This allows a remote attacker to gain unauthorized read access to data, modify, add, or delete data, or cause a partial denial of service via HTTP requests. Successful attacks can result in unauthorized update, insert, or delete access to some of Oracle Outside In Technology's accessible data, as well as unauthorized read access to a subset of the data. **Recommendations** For version 8.5.5, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the Outside In Filters component to minimize the risk of exploitation. Additionally, restrict network access via HTTP to the Oracle Outside In Technology to reduce the attack surface.

Name of the Vulnerable Software and Affected Versions: Oracle Outside In Technology versions 8.5.4 through 8.5.5 Description: The issue is related to inadequate access control in the Outside In Filters component of Oracle Outside In Technology, a suite of software development kits (SDKs). It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data, as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and the ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Recommendations: For versions 8.5.4 and 8.5.5, update to a version that includes the fix for this issue, as these versions are easily exploitable and can lead to significant data and service disruptions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibRaw (affected versions not specified) **Description** The issue is related to an out-of-bounds write vulnerability within the `new node()` function in the LibRaw library, which can be triggered via a crafted X3F file. This vulnerability may allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.