Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary files access.
Max CVSS
8.4
EPSS Score
0.04%
Published
2022-04-11
Updated
2022-04-27
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket.
Max CVSS
8.0
EPSS Score
0.04%
Published
2021-10-06
Updated
2021-10-13
An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications.
Max CVSS
8.8
EPSS Score
0.04%
Published
2021-04-09
Updated
2022-09-23
In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-66230183.
Max CVSS
8.8
EPSS Score
0.24%
Published
2018-11-06
Updated
2019-01-30
4 vulnerabilities found