CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40505
https://notcve.org/view.php?id=CVE-2024-40505
16 Jul 2024 — Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component. ... **UNSUPPORTED WHEN ASSIGNED** Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component. • https://coldwx.github.io/CVE-2024-40505.html • CWE-35: Path Traversal: '.../ •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6689 – Local privilege escalation vulnerability in baramundi Management Agent via MSI Installer
https://notcve.org/view.php?id=CVE-2024-6689
15 Jul 2024 — Local Privilege Escalation in MSI-Installer in baramundi Management Agent v23.1.172.0 on Windows allows a local unprivileged user to escalate privileges to SYSTEM. • https://www.baramundi.com/en-us/security-info/s-2024-01 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6286 – Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges
https://notcve.org/view.php?id=CVE-2024-6286
10 Jul 2024 — Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows La escalada de privilegios locales permite a un usuario con pocos privilegios obtener privilegios de SYSTEM en la aplicación Citrix Workspace para Windows Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows • https://support.citrix.com/article/CTX678036 • CWE-269: Improper Privilege Management •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6151 – Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges
https://notcve.org/view.php?id=CVE-2024-6151
10 Jul 2024 — Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS La escalada de privilegios locales permite a un usuario con pocos privilegios obtener privilegios de SYSTEM en Virtual Delivery Agent para Windows utilizado por Citrix Virtual Apps and Desktops y Citrix DaaS. Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for ... • https://support.citrix.com/article/CTX678035 • CWE-269: Improper Privilege Management •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6222 – In Docker Desktop before v4.29.0 an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages
https://notcve.org/view.php?id=CVE-2024-6222
09 Jul 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the host. • https://github.com/Florian-Hoth/CVE-2024-6222 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2024-38066 – Windows Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-38066
09 Jul 2024 — Windows Win32k Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Windows Win32k This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38066 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39870
https://notcve.org/view.php?id=CVE-2024-39870
09 Jul 2024 — A local authenticated user with this privilege could use this modify users outside of their own scope as well as to escalate privileges. • https://cert-portal.siemens.com/productcert/html/ssa-381581.html • CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 5.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-39596 – [CVE-2024-39596] Missing Authorization check vulnerability in SAP Enable Now
https://notcve.org/view.php?id=CVE-2024-39596
09 Jul 2024 — Due to missing authorization checks, SAP Enable Now allows an author to escalate privileges to access information which should otherwise be restricted. ... Due to missing authorization checks, SAP Enable Now allows an author to escalate privileges to access information which should otherwise be restricted. • https://me.sap.com/notes/3476348 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4944 – Mobile VPN with SSL Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-4944
09 Jul 2024 — A local privilege escalation vlnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileged. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00010 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37999
https://notcve.org/view.php?id=CVE-2024-37999
08 Jul 2024 — This could allow an authenticated local attacker to escalate privileges. • https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-501799 • CWE-282: Improper Ownership Management •