T. Doğa Gelişli

**Name of the Vulnerable Software and Affected Versions** Discord Client (affected versions not specified) **Description** A local privilege escalation issue exists in Discord Client due to an uncontrolled search path element within the discord rpc module. This allows a local attacker who has already obtained low-privileged code execution to escalate their privileges and potentially execute arbitrary code within the context of a target user. The flaw involves the product loading a file from an unsecured location. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Tomcat versions 11.0.0-M1 through 11.0.7 Apache Tomcat versions 10.1.0 through 10.1.41 Apache Tomcat versions 9.0.23 through 9.0.105 **Description** The issue is related to an Untrusted Search Path vulnerability in the Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. **Recommendations** For Apache Tomcat versions 11.0.0-M1 through 11.0.7, upgrade to version 11.0.8. For Apache Tomcat versions 10.1.0 through 10.1.41, upgrade to version 10.1.42. For Apache Tomcat versions 9.0.23 through 9.0.105, upgrade to version 9.0.106.

**Name of the Vulnerable Software and Affected Versions** MongoDB Compass versions prior to 1.42.1 **Description** The issue may allow local privilege escalation under certain conditions, potentially enabling unauthorized actions on a user's system with elevated privileges. This can occur when a crafted file is stored in a specific location, such as `C: ode modules`. **Recommendations** For versions prior to 1.42.1, update to version 1.42.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `C: ode modules` directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** mongosh versions prior to 2.3.0 **Description** The issue may allow local privilege escalation under certain conditions, potentially enabling unauthorized actions on a user's system with elevated privilege. This can occur when a crafted file is stored in a specific directory, C: ode modules. **Recommendations** For versions prior to 2.3.0, update to version 2.3.0 or later to resolve the issue.