← Back

Coloros

coloros

Vendor: Oppo • 5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-26310
1Oppo
1Coloros
Nov 21, 2024
Aug 9, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
There is a command injection problem in the old version of the mobile phone backup app.
CVE-2021-23246
1Oppo
1Coloros
Nov 21, 2024
Mar 11, 2022
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure.
CVE-2021-23244
1Oppo
1Coloros
Nov 21, 2024
Dec 27, 2021
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obta...Show more
ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission.Show less
CVE-2020-11829
1Oppo
1Coloros
Nov 21, 2024
Nov 19, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722.
CVE-2020-11828
1Oppo
1Coloros
Nov 21, 2024
Apr 21, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to...Show more
In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR.Show less