14 matches found
CVE-2023-38301
An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and...
CVE-2023-38296
Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers...
CVE-2023-38294
Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory versionCode='7', versionName='1.8.02203101027' that allows local third-party apps to execute arbitrary shell commands in its context syst...
CVE-2023-38295
Certain software builds for the TCL 30Z and TCL 10 Android devices contain a vulnerable, pre-installed app that relies on a missing permission that provides no protection at runtime. The missing permission is required as an access permission by components in various pre-installed apps. On the TCL...
CVE-2023-38295
Certain software builds for the TCL 30Z and TCL 10 Android devices contain a vulnerable, pre-installed app that relies on a missing permission that provides no protection at runtime. The missing permission is required as an access permission by components in various pre-installed apps. On the TCL...
CVE-2023-38296
Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers...
CVE-2023-38293
CVE-2023-38293 concerns Nokia C200/C100 devices with a pre-installed com.tracfone.tfstatus app. It allows local third-party apps to inject and execute arbitrary AT commands in the radio context by exploiting two input/injection techniques via a broadcast to com.tracfone.tfstatus/.TFStatus, with n...
CVE-2023-38294
Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory versionCode='7', versionName='1.8.02203101027' that allows local third-party apps to execute arbitrary shell commands in its context syst...
CVE-2023-38292
Certain software builds for the TCL 20XE Android device contain a vulnerable, pre-installed app with a package name of com.tct.gcs.hiddenmenuproxy versionCode='2', versionName='v11.0.1.0.0201.0' that allows local third-party apps to programmatically perform a factory reset due to inadequate acces...
CVE-2023-38294
Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory versionCode='7', versionName='1.8.02203101027' that allows local third-party apps to execute arbitrary shell commands in its context syst...
CVE-2023-38298
CVE-2023-38298 affects TCL devices: 30Z, A3X, 20XE, and 10L. A high-privilege process leaks the IMEI to the system property gsm.device.imei0 , which can be read by any local app without permissions. This enables indirect IMEI exposure by non-privileged apps. Affected builds include specific TCL d...
CVE-2023-38295
The CVE-2023-38295 entries describe a local privilege escalation in TCL Android devices (TCL 30Z and TCL 10L) caused by a vulnerable pre-installed app (com.tcl.screenrecorder on TCL 30Z and com.tcl.sos on TCL 10L) that lacks a runtime permission. A third-party app can declare and request the miss...
CVE-2023-38290
CVE-2023-38290 affects BLU View 2 and Sharp Rouvo V Android devices due to a vulnerable pre-installed com.evenwell.fqc app. The issue: inadequate access control lets local third-party apps execute arbitrary shell commands in the app’s system context without special permissions, enabling actions s...
CVE-2023-38292
CVE-2023-38292 affects TCL 20XE devices with vulnerable pre-installed app com.tct.gcs.hiddenmenuproxy (versionCode 2, versionName v11.0.1.0.0201.0). The issue allows local third-party apps to initiate a programmatic factory reset by sending a broadcast to the exported com.tct.gcs.hiddenmenuproxy/...