Vulnerabilities > Oneplus > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-10-09 CVE-2020-13626 Missing Authorization vulnerability in Oneplus APP Locker 20201006
OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked.
low complexity
oneplus CWE-862
4.6
2020-04-14 CVE-2020-7958 Unspecified vulnerability in Oneplus 7 PRO Firmware
An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA.
local
low complexity
oneplus
6.0
2018-03-29 CVE-2017-5947 Unspecified vulnerability in Oneplus Oxygenos
An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier.
low complexity
oneplus
6.8
2017-05-11 CVE-2017-8851 Cleartext Transmission of Sensitive Information vulnerability in Oneplus Oxygenos
An issue was discovered on OnePlus One and X devices.
network
high complexity
oneplus CWE-319
5.9
2017-05-11 CVE-2017-8850 Cleartext Transmission of Sensitive Information vulnerability in Oneplus Oxygenos
An issue was discovered on OnePlus One, X, 2, 3, and 3T devices.
network
high complexity
oneplus CWE-319
5.9
2017-05-11 CVE-2017-5948 Improper Input Validation vulnerability in Oneplus Oxygenos
An issue was discovered on OnePlus One, X, 2, 3, and 3T devices.
network
high complexity
oneplus CWE-20
5.9
2017-04-25 CVE-2017-5625 NULL Pointer Dereference vulnerability in Oneplus Oxygenos 3.2.8/3.5.4/4.0.2
In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by issuing the 'fastboot oem dump <partition>' fastboot command.
low complexity
oneplus CWE-476
4.6
2017-03-26 CVE-2017-5622 Incorrect Default Permissions vulnerability in Oneplus Oxygenos 3.2.8/3.5.4/4.0.2
With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled.
low complexity
oneplus CWE-276
5.9
2017-03-19 CVE-2017-5623 Improper Privilege Management vulnerability in Oneplus Oxygenos
An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices.
low complexity
oneplus CWE-269
6.6