Instructor

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 5.2.36 Oracle VM VirtualBox versions prior to 6.0.16 Oracle VM VirtualBox versions prior to 6.1.2 **Description** The issue is related to a lack of protection for internal data in the Core component of Oracle VM VirtualBox. Exploitation of this issue may allow an attacker to disclose protected information. A high-privileged attacker with logon access to the infrastructure where Oracle VM VirtualBox is executed can compromise Oracle VM VirtualBox. Successful attacks can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. **Recommendations** For versions prior to 5.2.36, update to version 5.2.36 or later. For versions prior to 6.0.16, update to version 6.0.16 or later. For versions prior to 6.1.2, update to version 6.1.2 or later.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.18 and prior **Description** The issue is related to inadequate access control in the MySQL Server product, specifically in the Server: Information Schema component. It allows an attacker with network access via multiple protocols to compromise the MySQL Server, resulting in unauthorized read access to a subset of MySQL Server accessible data. The vulnerability can be exploited by an attacker to gain access to protected information using protocols such as HTTP. **Recommendations** For versions 8.0.18 and prior, update to a version that contains a fix for this issue to prevent unauthorized access to MySQL Server data. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation. Restrict access to the Server: Information Schema component to prevent attackers from gaining unauthorized access to MySQL Server data.