CVE-2021-0588

MEDIUM Year: 2021
CVSS v3 Score
5.5
Medium
CVSS v2 Score
4.9
Medium
Weakness Type
CWE-668
View all →

Vulnerability Description

In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9Android ID: A-177238342

Related Vulnerabilities

CVE-2005-2351

MEDIUM
CVSS:5.5(Medium)

Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files.

CWE-6682005

CVE-2008-2544

MEDIUM
CVSS:5.5(Medium)

Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise.

CWE-6682008

CVE-2013-0163

MEDIUM
CVSS:5.5(Medium)

OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS

CWE-6682013

CVE-2013-4280

MEDIUM
CVSS:5.5(Medium)

Insecure temporary file vulnerability in RedHat vsdm 4.9.6.

CWE-6682013

CVE-2017-17087

MEDIUM
CVSS:5.5(Medium)

fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users...

CWE-6682017

CVE-2018-20947

MEDIUM
CVSS:5.5(Medium)

cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356).

CWE-6682018