CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21113
https://notcve.org/view.php?id=CVE-2023-21113
This could lead to local escalation of privilege with no additional execution privileges needed. ... Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://android.googlesource.com/platform/build/soong/+/e7b7f0833dc47ade981eddfbf462dcc143dddd10 https://android.googlesource.com/platform/frameworks/base/+/17dd11248a66b2722aa3ef07701b7f09a64160e5 https://android.googlesource.com/platform/prebuilts/module_sdk/Wifi/+/c705bae1a4d50bd7b4f8cc919097d1aae568dd22 https://source.android.com/security/bulletin/2024-06-01 •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6222 – In Docker Desktop before v4.29.0 an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages
https://notcve.org/view.php?id=CVE-2024-6222
This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the host. • https://github.com/Florian-Hoth/CVE-2024-6222 https://docs.docker.com/desktop/release-notes/#4290 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2024-38066 – Windows Win32k Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-38066
Windows Win32k Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Windows Win32k This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38066 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-39870
https://notcve.org/view.php?id=CVE-2024-39870
A local authenticated user with this privilege could use this modify users outside of their own scope as well as to escalate privileges. • https://cert-portal.siemens.com/productcert/html/ssa-381581.html • CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-39596 – [CVE-2024-39596] Missing Authorization check vulnerability in SAP Enable Now
https://notcve.org/view.php?id=CVE-2024-39596
Due to missing authorization checks, SAP Enable Now allows an author to escalate privileges to access information which should otherwise be restricted. • https://me.sap.com/notes/3476348 https://url.sap/sapsecuritypatchday • CWE-862: Missing Authorization •