Rodrigo Marcos

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 5.6.35 and earlier MySQL Server versions 5.7.17 and earlier **Description** The issue is related to an integer overflow in the MySQL Server component, specifically in the Pluggable Auth subcomponent. This allows an unauthenticated attacker with network access via multiple protocols to compromise the MySQL Server. Successful attacks can result in the ability to cause a hang or frequently repeatable crash (complete DOS) of the MySQL Server. The vulnerability can be exploited by a remote attacker using specially crafted authentication packets. **Recommendations** For MySQL Server versions 5.6.35 and earlier, update to a version later than 5.6.35 to resolve the issue. For MySQL Server versions 5.7.17 and earlier, update to a version later than 5.7.17 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TYPO3 version 3.7.1 **Description** The issue allows remote attackers to obtain sensitive information by making a direct request to certain scripts, including `thumbs.php`, `showpic.php`, or `tables.php`. This causes the scripts to incorrectly define a variable, resulting in an error message that reveals the path when a require function call fails. **Recommendations** For TYPO3 version 3.7.1, consider restricting access to the `thumbs.php`, `showpic.php`, and `tables.php` scripts to minimize the risk of exploitation. As a temporary workaround, avoid using these scripts until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.