Simon

Name of the Vulnerable Software and Affected Versions: Microsoft PC Manager (affected versions not specified) Description: The issue is related to improper link resolution before file access, also known as 'link following', which allows an authorized attacker to elevate privileges locally. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Description: The issue arises when a user visits a webpage with an invalid TLS certificate and grants an exception. In this scenario, the webpage can provide a WebAuthn challenge that the user is prompted to complete, violating the WebAuthn specification that requires a secure transport established without errors. Recommendations: For Firefox versions prior to 140, update to version 140 or later to resolve the issue. As a temporary workaround, consider avoiding exceptions for invalid TLS certificates to minimize the risk of exploitation. Restrict access to WebAuthn challenges on webpages with invalid TLS certificates until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (Chromium-based) (affected versions not specified) **Description** The issue is related to improper link resolution before file access, also known as 'link following', in Microsoft Edge (Chromium-based). This allows an authorized attacker to elevate privileges locally. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Office (affected versions not specified) Description: The issue is related to improper access control, allowing an authorized attacker to elevate privileges locally. This can affect the system, potentially leading to further exploitation. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** XAMPP version 7.1.1-0-VC14 **Description** A vulnerability was found in the Installer component, which can lead to privilege escalation. The attack can be launched remotely, affecting an unknown function. **Recommendations** For XAMPP version 7.1.1-0-VC14, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hadoop version 1.0.3 **Description** The issue arises from Hadoop storing pid files in the shared `/tmp` directory by default, leading to a symlink vulnerability. **Recommendations** For Hadoop version 1.0.3, consider changing the default directory for storing pid files to a more secure location to mitigate the risk of exploitation. As a temporary workaround, restrict access to the `/tmp` directory to minimize the risk of symlink attacks.