Marco Marsala

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 5.6.48 and prior MySQL Server versions 5.7.30 and prior MySQL Server versions 8.0.20 and prior Oracle PeopleSoft Enterprise PeopleTools (affected versions not specified) **Description** The issue allows an attacker with network access via multiple protocols to compromise the MySQL Server, resulting in unauthorized read access to a subset of MySQL Server accessible data. The vulnerability is also related to insufficient input validation in the Portal component of Oracle PeopleSoft Enterprise PeopleTools, which can allow a remote attacker to gain unauthorized access to protected information using the HTTP protocol. **Recommendations** For MySQL Server versions 5.6.48 and prior, update to a version later than 5.6.48 to resolve the issue. For MySQL Server versions 5.7.30 and prior, update to a version later than 5.7.30 to resolve the issue. For MySQL Server versions 8.0.20 and prior, update to a version later than 8.0.20 to resolve the issue. For Oracle PeopleSoft Enterprise PeopleTools, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MagicSpam extension versions prior to 2.0.14-1 Description: The issue allows local users to discover mailbox names by reading the /var/log/magicspam/mslog file. Recommendations: For MagicSpam extension versions prior to 2.0.14-1, update to version 2.0.14-1 or later to resolve the issue.