CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6222 – In Docker Desktop before v4.29.0 an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages
https://notcve.org/view.php?id=CVE-2024-6222
This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the host. • https://github.com/Florian-Hoth/CVE-2024-6222 https://docs.docker.com/desktop/release-notes/#4290 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-39870
https://notcve.org/view.php?id=CVE-2024-39870
A local authenticated user with this privilege could use this modify users outside of their own scope as well as to escalate privileges. • https://cert-portal.siemens.com/productcert/html/ssa-381581.html • CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-39596 – [CVE-2024-39596] Missing Authorization check vulnerability in SAP Enable Now
https://notcve.org/view.php?id=CVE-2024-39596
Due to missing authorization checks, SAP Enable Now allows an author to escalate privileges to access information which should otherwise be restricted. • https://me.sap.com/notes/3476348 https://url.sap/sapsecuritypatchday • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4944 – Mobile VPN with SSL Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-4944
A local privilege escalation vlnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileged. Una vulnerabilidad de escalada de privilegios local en el cliente WatchGuard Mobile VPN con SSL en Windows permite a un usuario local ejecutar comandos arbitrarios con privilegios elevados. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00010 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37999
https://notcve.org/view.php?id=CVE-2024-37999
This could allow an authenticated local attacker to escalate privileges. ... Esto podría permitir que un atacante local autenticado escale privilegios. • https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-501799 • CWE-282: Improper Ownership Management •