CVE-2021-0952

MEDIUM Year: 2021
CVSS v3 Score
5.0
Medium
CVSS v2 Score
4.7
Medium
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

In doCropPhoto of PhotoSelectionHandler.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure of user's contacts with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-195748381

Related Vulnerabilities

CVE-2016-5553

MEDIUM
CVSS:5.0(Medium)

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via unknown vectors.

NVD-CWE-Other2016

CVE-2017-10221

MEDIUM
CVSS:5.0(Medium)

Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Hospitality Applications (subcomponent: OPS Operations). The supported version that is affected is 5.5. Difficult to exploit vulner...

NVD-CWE-Other2017

CVE-2017-10275

MEDIUM
CVSS:5.0(Medium)

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). The supported version that is affected is AK 2013. Easily exploitable...

NVD-CWE-Other2017

CVE-2017-10428

MEDIUM
CVSS:5.0(Medium)

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Difficult to exploit vulnerability allows ...

NVD-CWE-Other2017

CVE-2017-2516

MEDIUM
CVSS:5.0(Medium)

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a cr...

NVD-CWE-Other2017

CVE-2017-3475

MEDIUM
CVSS:5.0(Medium)

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 a...

NVD-CWE-Other2017