Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:20 a.m.5 views

CVE-2023-38295

Certain software builds for the TCL 30Z and TCL 10 Android devices contain a vulnerable, pre-installed app that relies on a missing permission that provides no protection at runtime. The missing permission is required as an access permission by components in various pre-installed apps. On the TCL...

7.8CVSS7.1AI score0.00183EPSS
Exploits0References1
NVD
NVD
added 2024/04/22 3:15 p.m.25 views

CVE-2023-38296

Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers...

8CVSS6.4AI score0.00266EPSS
Exploits0References1
NVD
NVD
added 2024/04/22 3:15 p.m.9 views

CVE-2023-38295

Certain software builds for the TCL 30Z and TCL 10 Android devices contain a vulnerable, pre-installed app that relies on a missing permission that provides no protection at runtime. The missing permission is required as an access permission by components in various pre-installed apps. On the TCL...

7.8CVSS6.7AI score0.00183EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/22 12:0 a.m.13 views

CVE-2023-38295

Certain software builds for the TCL 30Z and TCL 10 Android devices contain a vulnerable, pre-installed app that relies on a missing permission that provides no protection at runtime. The missing permission is required as an access permission by components in various pre-installed apps. On the TCL...

7.1AI score0.00183EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/22 12:0 a.m.12 views

CVE-2023-38296

Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers...

6.7AI score0.00266EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/22 12:0 a.m.20 views

CVE-2023-38295

Certain software builds for the TCL 30Z and TCL 10 Android devices contain a vulnerable, pre-installed app that relies on a missing permission that provides no protection at runtime. The missing permission is required as an access permission by components in various pre-installed apps. On the TCL...

7AI score0.00183EPSS
Exploits0References1
CVE
CVE
added 2024/04/22 12:0 a.m.55 views

CVE-2023-38296

CVE-2023-38296 affects TCL 30Z and TCL A3X devices, where the ICCID is leaked to a system property (persist.sys.tctPowerIccid) accessible by any local app without permissions. The issue arises because a high-privilege process exposes the non-resettable device identifier indirectly. Affected build...

8CVSS6.6AI score0.00266EPSS
Exploits0References1
CVE
CVE
added 2024/04/22 12:0 a.m.46 views

CVE-2023-38295

The CVE-2023-38295 entries describe a local privilege escalation in TCL Android devices (TCL 30Z and TCL 10L) caused by a vulnerable pre-installed app (com.tcl.screenrecorder on TCL 30Z and com.tcl.sos on TCL 10L) that lacks a runtime permission. A third-party app can declare and request the miss...

7.8CVSS7AI score0.00183EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/22 12:0 a.m.26 views

CVE-2023-38296

Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers...

6.6AI score0.00266EPSS
Exploits0References1
Rows per page
Query Builder