How severe is CVE-2021-0591?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2021-0591?

This is classified as CWE-610, which is a common weakness in software security.

CVE-2021-0591 - HIGH Severity | CVSS 7.3

Vulnerability Description

In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179386960

Related Vulnerabilities

CVE-2022-46869

HIGH

CVSS:7.3(High)

Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278.

CWE-6102022

CVE-2024-24760

HIGH

CVSS:7.3(High)

mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions < 2024-01c. This vulnerability...

CWE-6102024

CVE-2024-29069

HIGH

CVSS:7.3(High)

In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic li...

CWE-6102024

CVE-2021-27183

HIGH

CVSS:7.2(High)

An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location...

CWE-6102021

CVE-2021-41244

HIGH

CVSS:7.2(High)

Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Gr...

CWE-6102021

CVE-2022-24241

HIGH

CVSS:7.5(High)

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.

CWE-6102022