Total
2609 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21421 | 1 Samsung | 1 Android | 2026-06-17 | N/A | 5.9 MEDIUM |
| Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN. | |||||
| CVE-2023-21397 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21396 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21376 | 1 Google | 1 Android | 2026-06-17 | N/A | 5.5 MEDIUM |
| In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21374 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21343 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21272 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21269 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21114 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21113 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21068 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243433344References: N/A | |||||
| CVE-2023-20995 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In captureImage of CustomizedSensor.cpp, there is a possible way to bypass the fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-241910279 | |||||
| CVE-2023-20854 | 2 Microsoft, Vmware | 2 Windows, Workstation | 2026-06-17 | N/A | 8.4 HIGH |
| VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed. | |||||
| CVE-2023-20680 | 2 Google, Mediatek | 22 Android, Mt6779, Mt6781 and 19 more | 2026-06-17 | N/A | 6.7 MEDIUM |
| In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664785; Issue ID: ALPS07664785. | |||||
| CVE-2023-20655 | 2 Google, Mediatek | 60 Android, Mt2715, Mt6580 and 57 more | 2026-06-17 | N/A | 7.8 HIGH |
| In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203022; Issue ID: ALPS07203022. | |||||
| CVE-2023-20598 | 1 Amd | 107 Radeon Pro W5500, Radeon Pro W5700, Radeon Pro W6300 and 104 more | 2026-06-17 | N/A | 7.8 HIGH |
| An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution. | |||||
| CVE-2023-20565 | 1 Amd | 142 Ryzen 3 5100, Ryzen 3 5100 Firmware, Ryzen 3 5125c and 139 more | 2026-06-17 | N/A | 7.8 HIGH |
| Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-20563 | 1 Amd | 142 Ryzen 3 5100, Ryzen 3 5100 Firmware, Ryzen 3 5125c and 139 more | 2026-06-17 | N/A | 7.8 HIGH |
| Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-20266 | 1 Cisco | 3 Emergency Responder, Unified Communications Manager, Unity Connection | 2026-06-17 | N/A | 6.5 MEDIUM |
| A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability exists because the application does not properly restrict the files that are being used for upgrades. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to elevate privileges to root. To exploit this vulnerability, the attacker must have valid platform administrator credentials on an affected device. | |||||
| CVE-2023-20235 | 1 Cisco | 20 Catalyst Ie3200 Rugged Switch, Catalyst Ie3300 Rugged Switch, Catalyst Ie3400 Rugged Switch and 17 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems. | |||||