Shihao Wen

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.28 and prior **Description** The issue is related to insufficient input validation in the Server: Optimizer component of MySQL Server, allowing a highly privileged attacker with network access via multiple protocols to compromise the server. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. **Recommendations** For versions 8.0.28 and prior, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.28 and prior **Description** The issue is related to insufficient input validation in the Server: Optimizer component of the MySQL Server system management database. This can be exploited by a remote attacker to gain unauthorized access to modify, add, or delete data, or to cause a denial of service using the MySQL network protocol. Successful attacks can result in the ability to cause a hang or frequently repeatable crash of MySQL Server, as well as unauthorized update, insert, or delete access to some of MySQL Server's accessible data. **Recommendations** For versions 8.0.28 and prior, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenLDAP versions 2.4.45 and earlier **Description** The issue allows local users to potentially kill arbitrary processes by modifying the PID file after privileges have been dropped to a non-root account. This can be exploited before a root script executes a command to kill a process based on the PID file content, as shown in the openldap-initscript demonstration. **Recommendations** For OpenLDAP versions 2.4.45 and earlier, consider restricting access to the PID file to prevent modification by non-root accounts until a fix is available. As a temporary workaround, avoid using scripts that execute "kill `cat /pathname`" commands based on PID files accessible by non-root accounts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.