CVSS: 8.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-6151 – Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges
https://notcve.org/view.php?id=CVE-2024-6151
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS La escalada de privilegios locales permite a un usuario con pocos privilegios obtener privilegios de SYSTEM en Virtual Delivery Agent para Windows utilizado por Citrix Virtual Apps and Desktops y Citrix DaaS. • https://support.citrix.com/article/CTX678035 • CWE-269: Improper Privilege Management •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6222 – In Docker Desktop before v4.29.0 an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages
https://notcve.org/view.php?id=CVE-2024-6222
This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the host. • https://github.com/Florian-Hoth/CVE-2024-6222 https://docs.docker.com/desktop/release-notes/#4290 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •
CVSS: 9.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-39872
https://notcve.org/view.php?id=CVE-2024-39872
This could allow an authenticated attacker with the 'Manage firmware updates' role to escalate their privileges on the underlying OS level. • https://cert-portal.siemens.com/productcert/html/ssa-381581.html • CWE-378: Creation of Temporary File With Insecure Permissions •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-39870
https://notcve.org/view.php?id=CVE-2024-39870
A local authenticated user with this privilege could use this modify users outside of their own scope as well as to escalate privileges. • https://cert-portal.siemens.com/productcert/html/ssa-381581.html • CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-39596 – [CVE-2024-39596] Missing Authorization check vulnerability in SAP Enable Now
https://notcve.org/view.php?id=CVE-2024-39596
Due to missing authorization checks, SAP Enable Now allows an author to escalate privileges to access information which should otherwise be restricted. • https://me.sap.com/notes/3476348 https://url.sap/sapsecuritypatchday • CWE-862: Missing Authorization •