Total
1482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21512 | 1 Samsung | 1 Android | 2026-06-17 | N/A | 2.4 LOW |
| Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission. | |||||
| CVE-2023-21433 | 1 Samsung | 1 Galaxy Store | 2026-06-17 | N/A | 7.8 HIGH |
| Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. | |||||
| CVE-2023-21270 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21216 | 1 Google | 1 Android | 2026-06-17 | N/A | 9.8 CRITICAL |
| In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21187 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246542917 | |||||
| CVE-2023-21175 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In onCreate of DataUsageSummary.java, there is a possible method for a guest user to enable or disable mobile data due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262243574 | |||||
| CVE-2023-21139 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In bindPlayer of MediaControlPanel.java, there is a possible launch arbitrary activity in SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-271845008 | |||||
| CVE-2023-21138 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-273260090 | |||||
| CVE-2023-21129 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java, there is a possible activity launch while the app is in the background due to a BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-274759612 | |||||
| CVE-2023-21128 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-272042183 | |||||
| CVE-2023-21126 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-271846393 | |||||
| CVE-2023-21121 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-205460459 | |||||
| CVE-2023-21107 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259385017 | |||||
| CVE-2023-21104 | 1 Google | 1 Android | 2026-06-17 | N/A | 5.5 MEDIUM |
| In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-259938771 | |||||
| CVE-2023-20178 | 1 Cisco | 2 Anyconnect Secure Mobility Client, Secure Client | 2026-06-17 | N/A | 7.8 HIGH |
| A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges. | |||||
| CVE-2023-20043 | 1 Cisco | 1 Cx Cloud Agent | 2026-06-17 | N/A | 6.7 MEDIUM |
| A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device. | |||||
| CVE-2023-1907 | 1 Pgadmin | 1 Pgadmin | 2026-06-17 | N/A | 8.0 HIGH |
| A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously. | |||||
| CVE-2023-1809 | 1 W3eden | 1 Download Manager | 2026-06-17 | N/A | 7.5 HIGH |
| The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files. | |||||
| CVE-2023-1693 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-17 | N/A | 7.5 HIGH |
| The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2023-1229 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||