CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21126
https://notcve.org/view.php?id=CVE-2023-21126
This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2023-06-01 •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21101
https://notcve.org/view.php?id=CVE-2023-21101
This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2023-06-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21131
https://notcve.org/view.php?id=CVE-2023-21131
This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution privileges needed. • https://source.android.com/security/bulletin/2023-06-01 •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2023-24032
https://notcve.org/view.php?id=CVE-2023-24032
In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE). En Zimbra Collaboration Suite a través de las versiones 9.0 y 8.8.15, un atacante (que tiene acceso de usuario inicial a una instancia de servidor Zimbra) puede ejecutar comandos como root pasando uno de los argumentos "JVM", lo que lleva a la escalada de privilegios local (LPE). • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21124
https://notcve.org/view.php?id=CVE-2023-21124
In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/security/bulletin/2023-06-01 • CWE-502: Deserialization of Untrusted Data •