CVE-2024-39520 – Junos OS Evolved: CLI parameter processing issue allows privilege escalation
https://notcve.org/view.php?id=CVE-2024-39520
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: * All version before 20.4R3-S6-EVO, * 21.2-EVO versions before 21.2R3-S4-EVO, * 21.4-EVO versions before 21.4R3-S6-EVO, * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO, * 22.3-EVO versions before 22.3R2-EVO. • https://supportportal.juniper.net/JSA82975 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-6286 – Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges
https://notcve.org/view.php?id=CVE-2024-6286
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows La escalada de privilegios locales permite a un usuario con pocos privilegios obtener privilegios de SYSTEM en la aplicación Citrix Workspace para Windows • https://support.citrix.com/article/CTX678036 • CWE-269: Improper Privilege Management •
CVE-2024-6151 – Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges
https://notcve.org/view.php?id=CVE-2024-6151
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS La escalada de privilegios locales permite a un usuario con pocos privilegios obtener privilegios de SYSTEM en Virtual Delivery Agent para Windows utilizado por Citrix Virtual Apps and Desktops y Citrix DaaS. • https://support.citrix.com/article/CTX678035 • CWE-269: Improper Privilege Management •
CVE-2024-6222 – In Docker Desktop before v4.29.0 an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages
https://notcve.org/view.php?id=CVE-2024-6222
This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the host. • https://github.com/Florian-Hoth/CVE-2024-6222 https://docs.docker.com/desktop/release-notes/#4290 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •
CVE-2024-38066 – Windows Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-38066
Windows Win32k Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Windows Win32k This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38066 • CWE-416: Use After Free •