Tongqing Zhu

**Nome do software vulnerável e versões afetadas** Kernel do Windows (versões afetadas não especificadas) **Descrição** O problema está relacionado a uma vulnerabilidade de elevação de privilégios no Kernel do Windows, que pode ser causada por um estouro de buffer. Essa vulnerabilidade permite que um invasor possa aumentar seus privilégios no sistema. Não há informações disponíveis sobre o número estimado de dispositivos potencialmente afetados em todo o mundo ou sobre incidentes reais em que esse problema tenha sido explorado. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Windows AppX Deployment Server (affected versions not specified) **Description** The issue is related to errors in connection handling within the Windows AppX Deployment Server component of Windows operating systems. It allows an attacker to potentially elevate their privileges using a specially crafted application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Visual Studio (affected versions not specified) Git for Visual Studio (affected versions not specified) **Description** The issue is related to errors in privilege management in the Git component of Microsoft Visual Studio. It allows an attacker to elevate their privileges. An attacker who successfully exploits the issue could execute code in the context of another local user. To exploit, an authenticated attacker would need to modify Git configuration files on a system and then convince another user to execute specific Git commands. **Recommendations** For Microsoft Visual Studio, update the software to change the permissions required to edit configuration files. For Git for Visual Studio, update the software to change the permissions required to edit configuration files. As a temporary workaround, consider restricting access to Git configuration files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Evernote version 6.15 **Description** The issue is related to an incorrectly repaired stored XSS vulnerability. An attacker can exploit this to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim's files and achieve remote execution of commands on the victim's computer. **Recommendations** For Evernote version 6.15, consider disabling the Present mode feature until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to sensitive files and avoid opening notes from untrusted sources to minimize the risk of remote command execution.

**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions prior to 4.8.5 **Description** An issue allows an attacker to read any file on the server that the web server's user can access when the AllowArbitraryServer configuration setting is set to true. This is related to the mysql.allow local infile PHP configuration and the inadvertent ignoring of `options(MYSQLI OPT LOCAL INFILE)` calls. **Recommendations** For versions prior to 4.8.5, update to version 4.8.5 or later to resolve the issue. As a temporary workaround, consider setting the AllowArbitraryServer configuration setting to false to minimize the risk of exploitation. Additionally, restrict the use of the `mysql.allow local infile` PHP configuration to prevent unauthorized file access.