Lc

**Name of the Vulnerable Software and Affected Versions** Oracle MySQL Cluster versions 7.4.35 and prior Oracle MySQL Cluster versions 7.5.25 and prior Oracle MySQL Cluster versions 7.6.21 and prior Oracle MySQL Cluster versions 8.0.28 and prior **Description** The issue allows a high-privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service of MySQL Cluster. **Recommendations** For versions 7.4.35 and prior, update to a version later than 7.4.35 to resolve the issue. For versions 7.5.25 and prior, update to a version later than 7.5.25 to resolve the issue. For versions 7.6.21 and prior, update to a version later than 7.6.21 to resolve the issue. For versions 8.0.28 and prior, update to a version later than 8.0.28 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Oracle MySQL Cluster versions 7.4.35 and prior Oracle MySQL Cluster versions 7.5.25 and prior Oracle MySQL Cluster versions 7.6.21 and prior Oracle MySQL Cluster versions 8.0.28 and prior **Description** The issue is related to insufficient input validation in the Cluster: General component of Oracle MySQL Cluster, allowing a high-privileged attacker with access to the physical communication segment to compromise the MySQL Cluster. Successful attacks require human interaction from a person other than the attacker and can result in the takeover of MySQL Cluster. **Recommendations** For versions 7.4.35 and prior, update to a version later than 7.4.35 to resolve the issue. For versions 7.5.25 and prior, update to a version later than 7.5.25 to resolve the issue. For versions 7.6.21 and prior, update to a version later than 7.6.21 to resolve the issue. For versions 8.0.28 and prior, update to a version later than 8.0.28 to resolve the issue. As a temporary workaround, consider restricting access to the physical communication segment attached to the hardware where the MySQL Cluster executes to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle MySQL Cluster versions 7.4.35 and prior Oracle MySQL Cluster versions 7.5.25 and prior Oracle MySQL Cluster versions 7.6.21 and prior Oracle MySQL Cluster versions 8.0.28 and prior **Description** The issue is related to a buffer overflow in the Cluster: General component of Oracle MySQL Cluster, allowing a high-privileged attacker with access to the physical communication segment to compromise the MySQL Cluster. Successful attacks require human interaction from a person other than the attacker and can result in the takeover of the MySQL Cluster. **Recommendations** For versions 7.4.35 and prior, update to a version later than 7.4.35. For versions 7.5.25 and prior, update to a version later than 7.5.25. For versions 7.6.21 and prior, update to a version later than 7.6.21. For versions 8.0.28 and prior, update to a version later than 8.0.28.

Name of the Vulnerable Software and Affected Versions: DokuWiki versions prior to 2017-02-19e Description: The issue arises from the improper encoding of user input in the `call` parameter of the "/lib/exe/ajax.php" API endpoint. This leads to a reflected file download issue, allowing remote attackers to execute arbitrary programs. Recommendations: For versions prior to 2017-02-19e, update to a version that properly encodes user input in the `call` parameter of the "/lib/exe/ajax.php" endpoint to prevent reflected file download attacks. As a temporary workaround, consider restricting access to the "/lib/exe/ajax.php" endpoint until a patch is available.