cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
7.8
Published
2023-09-11
Updated
2023-09-14
EPSS
0.04%
In extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-228450832
Max CVSS
7.8
Published
2023-04-19
Updated
2023-04-29
EPSS
0.04%
In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240267890
Max CVSS
7.8
Published
2023-02-28
Updated
2023-03-06
EPSS
0.04%
Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI.
Max CVSS
5.5
Published
2022-08-05
Updated
2023-06-29
EPSS
0.04%
Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic.
Max CVSS
4.0
Published
2022-05-03
Updated
2022-05-11
EPSS
0.04%
In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240685104
Max CVSS
5.5
Published
2022-11-08
Updated
2022-11-09
EPSS
0.05%
In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239701237
Max CVSS
4.4
Published
2022-12-13
Updated
2022-12-15
EPSS
0.04%
In checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-221855295
Max CVSS
7.8
Published
2022-09-13
Updated
2022-09-17
EPSS
0.04%
In aee daemon, there is a possible information disclosure due to a path traversal. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06270870.
Max CVSS
5.5
Published
2022-05-03
Updated
2022-05-12
EPSS
0.05%
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability.
Max CVSS
7.8
Published
2021-12-08
Updated
2021-12-10
EPSS
0.04%
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket.
Max CVSS
8.0
Published
2021-10-06
Updated
2021-10-13
EPSS
0.04%
An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device.
Max CVSS
5.5
Published
2021-09-09
Updated
2021-09-23
EPSS
0.04%
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket.
Max CVSS
6.5
Published
2021-09-09
Updated
2021-09-22
EPSS
0.05%
An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications.
Max CVSS
8.8
Published
2021-04-09
Updated
2022-09-23
EPSS
0.04%
14 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!