Vulnerabilities > Oppo

DATE CVE VULNERABILITY TITLE RISK
2023-08-10 CVE-2023-26311 Unspecified vulnerability in Oppo Store 1.5.11
A remote code execution vulnerability in the webview component of OPPO Store app.
network
low complexity
oppo
critical
9.8
2023-08-09 CVE-2023-26310 Command Injection vulnerability in Oppo Coloros 12.3
There is a command injection problem in the old version of the mobile phone backup app.
network
low complexity
oppo CWE-77
critical
9.8
2022-04-01 CVE-2021-23247 Command Injection vulnerability in Oppo Quick APP 4.5.0
A command injection vulerability found in quick game engine allows arbitrary remote code in quick app.
network
low complexity
oppo CWE-77
critical
9.8
2022-03-11 CVE-2021-23246 Unspecified vulnerability in Oppo Coloros 11
In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure.
network
low complexity
oppo
7.5
2021-12-27 CVE-2021-23244 Unspecified vulnerability in Oppo Coloros 11
ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission.
local
low complexity
oppo
7.8
2020-12-31 CVE-2020-11835 Out-of-bounds Write vulnerability in Oppo Find X2 PRO Firmware and Reno3 PRO Firmware
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_da9313.c, failure to check the parameter buf in the function proc_work_mode_write in proc_work_mode_write causes a vulnerability.
local
low complexity
oppo CWE-787
5.5
2020-12-31 CVE-2020-11834 Out-of-bounds Write vulnerability in Oppo Find X2 PRO Firmware and Reno3 PRO Firmware
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the function proc_fastchg_fw_update_write in proc_fastchg_fw_update_write does not check the parameter len, resulting in a vulnerability.
local
low complexity
oppo CWE-787
5.5
2020-12-31 CVE-2020-11833 Out-of-bounds Write vulnerability in Oppo Find X2 PRO Firmware and Reno3 PRO Firmware
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c, the function mp2650_data_log_write in mp2650_data_log_write does not check the parameter len which causes a vulnerability.
local
low complexity
oppo CWE-787
5.5
2020-12-31 CVE-2020-11832 Out-of-bounds Write vulnerability in Oppo Find X2 PRO Firmware and Reno3 PRO Firmware
In functions charging_limit_current_write and charging_limit_time_write in /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c have not checked the parameters, which causes a vulnerability.
local
low complexity
oppo CWE-787
5.5
2020-11-19 CVE-2020-11831 Incorrect Permission Assignment for Critical Resource vulnerability in Oppo Ovoicemanager 2.0.1
OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1.
network
low complexity
oppo CWE-732
critical
9.8