Matthias Kaiser

**Name of the Vulnerable Software and Affected Versions** Enterprise Manager Base Platform versions 13.4.0.0 through 13.5.0.0 **Description** The issue exists due to insufficient input validation in the Policy Framework component of the Enterprise Manager Base Platform. This allows a remote attacker to execute arbitrary code via HTTP requests. Successful attacks can result in the takeover of the Enterprise Manager Base Platform. The vulnerability is difficult to exploit and can be used by an unauthenticated attacker with network access via HTTP. **Recommendations** For versions 13.4.0.0 and 13.5.0.0, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Enterprise Manager Base Platform versions 13.4.0.0 through 13.5.0.0 **Description** The issue exists due to insufficient input validation in the Enterprise Manager Install component of the Enterprise Manager Base Platform. This allows a remote attacker to gain read, modify, add, or delete access to data, or cause a partial denial of service using HTTP requests. Successful attacks can result in unauthorized update, insert, or delete access to some accessible data, as well as unauthorized read access to a subset of accessible data. **Recommendations** For versions 13.4.0.0 and 13.5.0.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Enterprise Manager Install component until a patch is available. Avoid using HTTP requests to access sensitive data in the affected versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Enterprise Manager versions 13.4.0.0 and 13.5.0.0 **Description** A vulnerability in the Policy Framework component of Oracle Enterprise Manager's Enterprise Manager Base Platform allows a low-privileged attacker with network access via HTTP to compromise the system. Successful attacks can result in the takeover of the Enterprise Manager Base Platform. **Recommendations** For versions 13.4.0.0 and 13.5.0.0, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle WebLogic Server versions 10.3.6.0.0 through 14.1.1.0.0 **Description** The issue exists due to insufficient input validation in the Core component of Oracle WebLogic Server, part of the Oracle Fusion Middleware platform. This allows a remote attacker to execute arbitrary code and impact the confidentiality, integrity, and availability of protected information. Successful attacks can result in the takeover of Oracle WebLogic Server. The vulnerability can be exploited by an unauthenticated attacker with network access via T3 or IIOP. **Recommendations** For versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle WebLogic Server versions 10.3.6.0.0 through 14.1.1.0.0 **Description** The issue is related to insufficient input validation in the Core component of Oracle WebLogic Server, allowing an unauthenticated attacker with network access via T3 or IIOP to compromise the server. Successful attacks can result in the takeover of Oracle WebLogic Server, impacting confidentiality, integrity, and availability. **Recommendations** For versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle WebLogic Server versions 12.2.1.3.0 through 12.2.1.4.0 Oracle WebLogic Server version 14.1.1.0.0 **Description** The issue exists due to insufficient input validation in the Coherence Container component of Oracle WebLogic Server, allowing a remote attacker to compromise the server's confidentiality, integrity, and availability via T3 and IIOP protocols. Successful attacks can result in the takeover of Oracle WebLogic Server. **Recommendations** For Oracle WebLogic Server versions 12.2.1.3.0 through 12.2.1.4.0, update to a version that includes the fix for this issue. For Oracle WebLogic Server version 14.1.1.0.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the T3 and IIOP protocols to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Python versions 3.x through 3.9.1 Description: The issue is related to a buffer overflow in the PyCArg repr function in ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input. This occurs because sprintf is used unsafely. The vulnerability can be exploited when handling untrusted floating-point numbers in handlers that call C functions using the ctypes mechanism. Recommendations: For Python versions 3.x through 3.9.1, update to a newer version that contains a fix for this issue, such as Python 3.7.10 or 3.6.13. For Python 3.8 and 3.9, wait for the release of the updated versions, which are currently in the release candidate stage. As a temporary workaround, consider restricting the use of the ctypes mechanism to minimize the risk of exploitation. Avoid using the `c double.from param` function with untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MariaDB Connector/C versions prior to 3.1.8 **Description** The issue is related to the improper validation of the content of an OK packet received from a server in the libmariadb/mariadb lib.c file. This problem does not affect any MySQL components supported by Oracle, despite the code originally being based on MySQL. **Recommendations** For versions prior to 3.1.8, update to version 3.1.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the `libmariadb/mariadb lib.c` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 5.4 through 5.6.10 **Description** The issue is related to a heap out-of-bounds write in the netfilter subsystem of the Linux kernel, specifically in the `nf dup netdev.c` file. This can allow local users to gain privileges or cause a denial of service. The problem is related to `nf tables offload`. A researcher managed to hijack the kernel control flow, and an example exploit allows a local user to elevate their privileges in Ubuntu 21.10 with the KASLR protection mechanism disabled. **Recommendations** For Linux kernel versions 5.4 through 5.6.10, consider applying the available patch to fix the issue. As a temporary workaround, restrict access to the vulnerable `nf tables offload` functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle WebLogic Server versions 10.3.6.0.0 through 12.1.3.0.0 **Description** The issue is related to insufficient access control in the Application Container - JavaEE component of Oracle WebLogic Server, allowing an unauthenticated attacker with network access via the T3 protocol to compromise the server. Successful attacks can result in the takeover of Oracle WebLogic Server. **Recommendations** For versions 10.3.6.0.0 and 12.1.3.0.0, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** systemd-journald versions through v240 systemd-journal-remote versions through v240 **Description** The issue is caused by an unbounded memory allocation in the systemd-journald and systemd-journal-remote binary system, which can lead to a stack clash with another memory region. This can be exploited by a local or remote attacker to crash systemd-journald or execute code with journald privileges. **Recommendations** For versions through v240, consider disabling the `systemd-journald` service until a patch is available to prevent potential exploitation. Restrict access to the `systemd-journal-remote` service to minimize the risk of remote exploitation. Avoid sending a large number of entries to the journal socket to prevent crashing `systemd-journald`. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bamboo versions 2.2 through 5.8.4 Bamboo versions 5.9.x through 5.9.6 **Description** The issue allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code. **Recommendations** For versions 2.2 through 5.8.4, update to version 5.8.5 or later. For versions 5.9.x through 5.9.6, update to version 5.9.7 or later.

**Name of the Vulnerable Software and Affected Versions** Spring AMQP versions prior to 1.5.5 **Description** The issue is related to insufficient input validation in the org.springframework.core.serializer.DefaultDeserializer component of the Spring AMQP application for RabbitMQ message exchange. This allows a remote attacker to execute arbitrary code. **Recommendations** For versions prior to 1.5.5, update to version 1.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the DefaultDeserializer component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM Websphere MQ JMS versions 7.0.1, 7.1, 7.5, 8.0, and 9.0 **Description** The issue allows a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath, as the JMS client provides classes that deserialize objects from untrusted sources. **Recommendations** For IBM Websphere MQ JMS version 7.0.1, update to a fixed version to prevent arbitrary Java code execution. For IBM Websphere MQ JMS version 7.1, update to a fixed version to prevent arbitrary Java code execution. For IBM Websphere MQ JMS version 7.5, update to a fixed version to prevent arbitrary Java code execution. For IBM Websphere MQ JMS version 8.0, update to a fixed version to prevent arbitrary Java code execution. For IBM Websphere MQ JMS version 9.0, update to a fixed version to prevent arbitrary Java code execution.

**Name of the Vulnerable Software and Affected Versions** Jenkins versions prior to 2.32 Jenkins LTS versions prior to 2.19.3 **Description** The issue allows remote attackers to execute arbitrary code via a crafted serialized Java object. This object triggers an LDAP query to a third-party server. **Recommendations** For Jenkins versions prior to 2.32, update to version 2.32 or later. For Jenkins LTS versions prior to 2.19.3, update to version 2.19.3 or later.

**Name of the Vulnerable Software and Affected Versions** IBM MessageSight versions 1.1.x through 1.1.0.1 IBM MessageSight versions 1.2.x through 1.2.0.3 IBM MessageSight versions 2.0.x through 2.0.0.0 **Description** The JMS Client in IBM MessageSight allows remote authenticated users to obtain administrator privileges for executing arbitrary commands via unspecified vectors. **Recommendations** For IBM MessageSight versions 1.1.x through 1.1.0.1, update to a version outside of this range to mitigate the risk. For IBM MessageSight versions 1.2.x through 1.2.0.3, update to a version outside of this range to mitigate the risk. For IBM MessageSight versions 2.0.x through 2.0.0.0, update to a version outside of this range to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Acrobat versions (affected versions not specified) **Description** The issue is related to insufficient access control in Adobe PDF viewer and editor software, allowing a remote attacker to bypass JavaScript API execution restrictions. **Recommendations** For Adobe Reader, update to a version that addresses the access control issue. For Adobe Reader Document Cloud, update to a version that addresses the access control issue. For Adobe Acrobat Document Cloud, update to a version that addresses the access control issue. For Adobe Acrobat, update to a version that addresses the access control issue. As a temporary workaround, consider disabling the execution of JavaScript API until a patch is available. Restrict access to sensitive resources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Acrobat versions (affected versions not specified) **Description** The issue is related to insufficient access control in Adobe PDF viewer and editor software. It allows a remote attacker to bypass JavaScript API restrictions. **Recommendations** For Adobe Reader, update to a version that addresses the access control issue. For Adobe Reader Document Cloud, update to a version that addresses the access control issue. For Adobe Acrobat Document Cloud, update to a version that addresses the access control issue. For Adobe Acrobat, update to a version that addresses the access control issue. As a temporary workaround, consider disabling JavaScript execution in Adobe Reader and Adobe Acrobat until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Adobe Reader versions (affected versions not specified) Adobe Acrobat versions (affected versions not specified) **Description** The issue is related to insufficient access control in Adobe Reader and Adobe Acrobat, allowing a remote attacker to bypass JavaScript API execution restrictions. This can be exploited through the JavaScript API. **Recommendations** For Adobe Reader, update to a version that addresses the access control issue. For Adobe Acrobat, consider disabling the execution of JavaScript API until a patch is available. Restrict access to the JavaScript API in Adobe Reader and Adobe Acrobat to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Acrobat versions (affected versions not specified) **Description** The issue is related to insufficient access control in Adobe PDF viewer and editor software. It allows a remote attacker to bypass JavaScript API restrictions. **Recommendations** For Adobe Reader, update to a version that addresses the access control issue. For Adobe Reader Document Cloud, update to a version that addresses the access control issue. For Adobe Acrobat Document Cloud, update to a version that addresses the access control issue. For Adobe Acrobat, update to a version that addresses the access control issue. As a temporary workaround, consider disabling the execution of JavaScript API until a patch is available.