Vulnerabilities > Oneplus > Oxygenos > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-03-29 CVE-2017-5947 Unspecified vulnerability in Oneplus Oxygenos
An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier.
low complexity
oneplus
6.8
2017-05-11 CVE-2017-8851 Cleartext Transmission of Sensitive Information vulnerability in Oneplus Oxygenos
An issue was discovered on OnePlus One and X devices.
network
high complexity
oneplus CWE-319
5.9
2017-05-11 CVE-2017-8850 Cleartext Transmission of Sensitive Information vulnerability in Oneplus Oxygenos
An issue was discovered on OnePlus One, X, 2, 3, and 3T devices.
network
high complexity
oneplus CWE-319
5.9
2017-05-11 CVE-2017-5948 Improper Input Validation vulnerability in Oneplus Oxygenos
An issue was discovered on OnePlus One, X, 2, 3, and 3T devices.
network
high complexity
oneplus CWE-20
5.9
2017-04-25 CVE-2017-5625 NULL Pointer Dereference vulnerability in Oneplus Oxygenos 3.2.8/3.5.4/4.0.2
In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by issuing the 'fastboot oem dump <partition>' fastboot command.
low complexity
oneplus CWE-476
4.6
2017-03-26 CVE-2017-5622 Incorrect Default Permissions vulnerability in Oneplus Oxygenos 3.2.8/3.5.4/4.0.2
With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled.
low complexity
oneplus CWE-276
5.9
2017-03-19 CVE-2017-5623 Improper Privilege Management vulnerability in Oneplus Oxygenos
An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices.
low complexity
oneplus CWE-269
6.6