CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23695
https://notcve.org/view.php?id=CVE-2024-23695
09 Jul 2024 — This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. ... Esto podría conducir a una escalada local de privilegios en el kernel sin necesidad de permisos de ejecución adicionales. • https://source.android.com/security/bulletin/2024-06-01 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21114
https://notcve.org/view.php?id=CVE-2023-21114
09 Jul 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. ... Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://android.googlesource.com/platform/packages/modules/Wifi/+/e6ca0c031758d8b1511f6a359bec316b6d2e22fe • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21113
https://notcve.org/view.php?id=CVE-2023-21113
09 Jul 2024 — This could lead to local escalation of privilege with no additional execution privileges needed. ... Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://android.googlesource.com/platform/build/soong/+/e7b7f0833dc47ade981eddfbf462dcc143dddd10 •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6222 – In Docker Desktop before v4.29.0 an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages
https://notcve.org/view.php?id=CVE-2024-6222
09 Jul 2024 — This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the host. • https://github.com/Florian-Hoth/CVE-2024-6222 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2024-38066 – Windows Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-38066
09 Jul 2024 — Windows Win32k Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Windows Win32k This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38066 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39870
https://notcve.org/view.php?id=CVE-2024-39870
09 Jul 2024 — A local authenticated user with this privilege could use this modify users outside of their own scope as well as to escalate privileges. • https://cert-portal.siemens.com/productcert/html/ssa-381581.html • CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 5.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-39596 – [CVE-2024-39596] Missing Authorization check vulnerability in SAP Enable Now
https://notcve.org/view.php?id=CVE-2024-39596
09 Jul 2024 — Due to missing authorization checks, SAP Enable Now allows an author to escalate privileges to access information which should otherwise be restricted. ... Due to missing authorization checks, SAP Enable Now allows an author to escalate privileges to access information which should otherwise be restricted. • https://me.sap.com/notes/3476348 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4944 – Mobile VPN with SSL Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-4944
09 Jul 2024 — A local privilege escalation vlnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileged. Una vulnerabilidad de escalada de privilegios local en el cliente WatchGuard Mobile VPN con SSL en Windows permite a un usuario local ejecutar comandos arbitrarios con privilegios elevados. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00010 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37999
https://notcve.org/view.php?id=CVE-2024-37999
08 Jul 2024 — This could allow an authenticated local attacker to escalate privileges. ... Esto podría permitir que un atacante local autenticado escale privilegios. • https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-501799 • CWE-282: Improper Ownership Management •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27717
https://notcve.org/view.php?id=CVE-2024-27717
05 Jul 2024 — Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the Token Handling component. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27717-cross-site-request-forgery-csrf-in-eskooly-web-product-less-than-v3.0 • CWE-352: Cross-Site Request Forgery (CSRF) •