Girlelecta

**Name of the Vulnerable Software and Affected Versions** LibRaw (affected versions not specified) **Description** The issue is related to an out-of-bounds read that can occur within the `simple decode row()` function, specifically in the `x3f utils patched.cpp` component of the LibRaw image processing library. This can be triggered by an image with a large `row stride` field, potentially allowing an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle Outside In Technology version 8.5.5 Description: The issue affects the Oracle Outside In Technology product, a suite of software development kits (SDKs), allowing an unauthenticated attacker with network access via HTTP to compromise the technology. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Recommendations: For version 8.5.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle Outside In Technology version 8.5.5 Description: The issue affects the Oracle Outside In Technology product, a suite of software development kits (SDKs), allowing an unauthenticated attacker with network access via HTTP to compromise the technology. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Recommendations: For version 8.5.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Outside In Technology version 8.5.5 **Description** The issue exists due to insufficient input validation in the Outside In Filters component of Oracle Outside In Technology. This allows a remote attacker to cause a denial of service via the HTTP protocol. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash of Oracle Outside In Technology, potentially leading to a complete denial of service. Outside In Technology is a suite of software development kits, and the impact depends on how the software using it handles network data. **Recommendations** For version 8.5.5, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Outside In Technology version 8.5.5 **Description** The issue is related to insufficient input validation in the Outside In Filters component of Oracle Outside In Technology, a suite of software development kits (SDKs). This allows an unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology, potentially leading to unauthorized creation, deletion, or modification access to critical data. **Recommendations** For Oracle Outside In Technology version 8.5.5, consider disabling the Outside In Filters component until a patch is available to prevent potential exploitation. Restrict access to the affected component to minimize the risk of unauthorized data access or system crashes. Avoid using the affected SDKs in applications that pass data received over a network directly to Outside In Technology until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Outside In Technology version 8.5.5 **Description** The issue is related to insufficient input validation in the Outside In Filters component of Oracle Outside In Technology, a suite of software development kits (SDKs). This allows an unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology, as well as potential unauthorized creation, deletion, or modification access to critical data. **Recommendations** For Oracle Outside In Technology version 8.5.5, consider disabling the Outside In Filters component until a patch is available to prevent potential exploitation. Restrict access to the affected component to minimize the risk of unauthorized data access or system crashes. Avoid using the affected software to process data received over a network until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Outside In Technology version 8.5.5 **Description** The issue is related to insufficient input validation in the Outside In Filters component of Oracle Outside In Technology, a suite of software development kits (SDKs). This allows an unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology, resulting in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. **Recommendations** For version 8.5.5, consider restricting network access to the Outside In Technology component until a patch is available. As a temporary workaround, consider disabling the Outside In Filters component to minimize the risk of exploitation. Avoid passing data received over a network directly to Outside In Technology until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.25 and prior **Description** The issue is related to errors in resource release in the MySQL Server product, specifically in the Server: Optimizer component. This allows a remote attacker to cause a denial of service, potentially leading to a hang or frequent crashes of the MySQL Server. The vulnerability can be easily exploited by a high-privileged attacker with network access via multiple protocols. **Recommendations** For MySQL Server versions 8.0.25 and prior, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation. Additionally, monitor the server for signs of denial of service attacks and be prepared to restart the service if necessary. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Outside In Technology version 8.5.5 **Description** The issue is related to insufficient input validation in the Outside In Filters component of the Oracle Outside In Technology product, which is a suite of software development kits (SDKs). This allows an unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology, resulting in the ability to cause a hang or frequently repeatable crash (complete DOS) of the system. The protocol and impact depend on the software that uses Outside In Technology. **Recommendations** For version 8.5.5, consider restricting network access to the Outside In Technology component until a patch is available. As a temporary workaround, disabling the Outside In Filters component may help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle Outside In Technology version 8.5.5 **Description** The issue is related to insufficient input validation in the Outside In Filters component of Oracle Outside In Technology, a suite of software development kits (SDKs). This can be exploited by an unauthenticated attacker with network access via HTTP, potentially allowing them to compromise Oracle Outside In Technology. Successful attacks may result in unauthorized access to critical data, including creation, deletion, or modification of data, as well as unauthorized read access to a subset of accessible data. The vulnerability can also cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. **Recommendations** For version 8.5.5, consider disabling the Outside In Filters component until a patch is available to prevent potential exploitation. Restrict access to the affected component to minimize the risk of unauthorized data access or modification. Avoid using the affected Oracle Outside In Technology version in environments where data is received over a network to reduce the potential impact. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Outside In Technology version 8.5.5 **Description** The issue is related to insufficient input validation in the Outside In Filters component of Oracle Outside In Technology, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks can result in unauthorized access to data, including creation, deletion, or modification of critical data, as well as unauthorized read access to a subset of accessible data. The protocol and impact depend on the software that uses Outside In Technology. **Recommendations** For Oracle Outside In Technology version 8.5.5, consider restricting access to the Outside In Filters component to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the use of the HTTP protocol to reduce the attack surface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Outside In Technology version 8.5.5 **Description** The issue is related to insufficient input validation in the Outside In Filters component of Oracle Outside In Technology, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash of Oracle Outside In Technology, potentially leading to a denial of service. The protocol and impact depend on the software that uses Outside In Technology. **Recommendations** For version 8.5.5, consider disabling the Outside In Filters component until a patch is available to prevent potential exploitation. As a temporary workaround, restrict access to the Oracle Outside In Technology component to minimize the risk of exploitation. Avoid using the Oracle Outside In Technology component with network-received data until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Outside In Technology version 8.5.5 **Description** The issue exists due to insufficient input validation in the Outside In Filters component of Oracle Outside In Technology. This allows a remote attacker to cause a denial of service via the HTTP protocol. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash of Oracle Outside In Technology, potentially leading to unauthorized creation, deletion, or modification access to critical data. **Recommendations** For version 8.5.5, consider restricting access to the Outside In Filters component until a patch is available. As a temporary workaround, avoid using the HTTP protocol to pass data directly to Outside In Technology. Restrict network access to the component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Libgcrypt versions 1.8.7 and earlier Libgcrypt versions 1.9.x before 1.9.3 **Description** The issue is related to the mishandling of ElGamal encryption due to the lack of exponent blinding, making it vulnerable to a side-channel attack against `mpi powm`. The window size is also not chosen appropriately. This affects the use of ElGamal in OpenPGP. The vulnerability is associated with the use of a weak cryptographic algorithm, which can allow a remote attacker to access confidential information. **Recommendations** For Libgcrypt versions 1.8.7 and earlier, update to version 1.8.8 or later. For Libgcrypt versions 1.9.x before 1.9.3, update to version 1.9.3 or later. As a temporary workaround, consider disabling the use of ElGamal encryption until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle Outside In Technology version 8.5.5 **Description** The issue is related to insufficient input validation in the Outside In Filters component of Oracle Outside In Technology, a suite of software development kits (SDKs). This allows an unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology, resulting in unauthorized creation, deletion, or modification access to critical data, as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. The attacker can exploit this vulnerability remotely using HTTP requests. **Recommendations** For version 8.5.5, consider restricting access to the Outside In Filters component until a patch is available. As a temporary workaround, ensure that any software using Outside In Technology does not pass unvalidated data received over a network directly to it.

**Name of the Vulnerable Software and Affected Versions** Oracle iStore versions 12.1.1 through 12.1.3 **Description** The issue is related to errors in the code of the Shopping Cart component in Oracle iStore, part of the Oracle E-Business Suite. This can be exploited by a remote attacker using HTTP requests to gain unauthorized access to the device. Successful attacks can result in unauthorized creation, deletion, or modification of critical data, as well as complete access to all Oracle iStore accessible data. **Recommendations** For versions 12.1.1 through 12.1.3, update to a version that includes the fix for this issue to prevent unauthorized access and data manipulation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle Outside In Technology versions 8.5.4 through 8.5.5 Description: The issue is related to insufficient access controls in the Outside In Filters component of Oracle Outside In Technology, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks can result in unauthorized creation, deletion, or modification of critical data, as well as unauthorized read access to a subset of data and the ability to cause a partial denial of service. Outside In Technology is a suite of software development kits (SDKs), and the protocol and impact depend on the software using the Outside In Technology code. Recommendations: For versions 8.5.4 and 8.5.5, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle Outside In Technology versions 8.5.4 through 8.5.5 Description: The issue is related to insufficient access controls in the Outside In Filters component of Oracle Outside In Technology, a suite of software development kits (SDKs). This allows an unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology, resulting in unauthorized creation, deletion, or modification access to critical data, as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. The attacker can also cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Recommendations: For versions 8.5.4 and 8.5.5, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle Outside In Technology versions 8.5.4 through 8.5.5 Description: The issue is related to inadequate access controls in the Oracle Outside In Technology product, specifically the Outside In Filters component. This allows an unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology, resulting in unauthorized access to critical data, including creation, deletion, or modification of data, as well as unauthorized read access to a subset of data. Additionally, it can cause a partial denial of service (DOS) of Oracle Outside In Technology. Recommendations: For versions 8.5.4 and 8.5.5, update to a version that includes the fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibRaw (affected versions not specified) **Description** The issue is related to an out-of-bounds read within the `LibRaw::adobe copy pixel()` function when reading data from an image file. This can potentially allow an attacker to cause a denial of service using a specially crafted malicious file. The vulnerability is associated with the `librawsrcdecodersdng.cpp` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.