François Goichon

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c Description: The issue is related to insufficient input validation in the Oracle Text component, allowing an unauthenticated attacker with network access via Oracle Net to compromise Oracle Text. Successful attacks can result in the takeover of Oracle Text. The exploitation of this issue is considered difficult. Recommendations: For versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c Description: The issue is related to insufficient input validation in the Scheduler component of Oracle Database Server, allowing a low-privileged attacker with local logon privilege to compromise the Scheduler. Successful attacks can result in the takeover of the Scheduler and may significantly impact additional products. Recommendations: For versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c, consider restricting access to the Scheduler component until a patch is available. As a temporary workaround, consider disabling the Scheduler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ActivePDF toolkit versions through 2018.1.0.18321 **Description** The issue is related to the Pictview image processing library embedded in the ActivePDF toolkit, which is prone to multiple out of bounds write and sign errors. This allows a remote attacker to execute arbitrary code on vulnerable applications that use the ActivePDF Toolkit to process untrusted images. **Recommendations** For versions through 2018.1.0.18321, update to a version later than 2018.1.0.18321 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NoviWare versions through NW400.2.6 **Description** The issue is caused by a stack-based buffer overflow in the ACL component of the NoviWare operating system. This can be exploited by a remote attacker using specially crafted network packets containing operating system commands, potentially allowing the execution of arbitrary code when ACL changes are applied. The vulnerability can be leveraged by remote, unauthenticated attackers to gain privileged code execution on the switch. **Recommendations** For NoviWare versions through NW400.2.6, consider restricting access to the ACL modification functionality until a patch is available, and avoid using the novi process manager daemon service for applying ACL changes to prevent potential exploitation. As a temporary workaround, limit the exposure of the network interface of the novi process manager daemon service to minimize the risk of remote, unauthenticated attacks.

**Name of the Vulnerable Software and Affected Versions** NoviWare versions through NW400.2.6 **Description** The issue arises from a bug in the NoviWare software distribution when applying ACL modifications, which can inadvertently expose network interfaces of the cliengine and noviengine services. This exposure can be leveraged by remote, unauthenticated attackers to gain privileged code execution on the switch due to a stack-based buffer overflow during the unserialization of packet data. The vulnerability is caused by incorrect handling of unserialized network packets, leading to a buffer overflow on the stack. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code during ACL modifications using specially crafted network packets. **Recommendations** For NoviWare versions through NW400.2.6, as a temporary workaround, consider restricting access to the ACL modification functionality until a patch is available. Avoid applying ACL changes from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NoviWare versions through NW400.2.6 **Description** The issue is related to a buffer overflow in the `show log cli` command of the novish command-line interface, which is part of the NoviWare software distribution. This could allow a read-only user to gain privileged code execution on the switch via command injection. The vulnerability can be exploited by a remote attacker with read-only access to gain superuser privileges. **Recommendations** For NoviWare versions through NW400.2.6, consider disabling the `show log cli` command as a temporary workaround until a patch is available. Restrict access to the novish command-line interface to minimize the risk of exploitation. Avoid using the `show log cli` command in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.