Marc Durdin

**Name of the Vulnerable Software and Affected Versions** Oracle MySQL Server versions 8.0.19 and prior **Description** The issue is related to insufficient access control in the Server: Parser component of Oracle MySQL Server. It can be exploited by a remote attacker to cause a denial of service via the MySQL network protocol. Successful attacks can result in the ability to cause a hang or frequently repeatable crash of MySQL Server. **Recommendations** For versions 8.0.19 and prior, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Java SE versions 7u251, 8u241, 11.0.6, and 14 Java SE Embedded version 8u241 **Description** The issue is related to insufficient input validation in the Concurrency component of Oracle Java SE and Java SE Embedded. This can be exploited by an unauthenticated attacker with network access via multiple protocols, potentially leading to a partial denial of service. The vulnerability can be exploited through sandboxed Java Web Start applications, sandboxed Java applets, or by supplying data to APIs in the specified component. **Recommendations** For Java SE versions 7u251, 8u241, 11.0.6, and 14, consider disabling the Concurrency component until a patch is available. For Java SE Embedded version 8u241, restrict access to the Concurrency component to minimize the risk of exploitation. As a temporary workaround, avoid using APIs in the Concurrency component without proper input validation until the issue is resolved.