Vulnerabilities > Oppo > Coloros

DATE CVE VULNERABILITY TITLE RISK
2023-08-09 CVE-2023-26310 Command Injection vulnerability in Oppo Coloros 12.3
There is a command injection problem in the old version of the mobile phone backup app.
network
low complexity
oppo CWE-77
critical
9.8
2022-03-11 CVE-2021-23246 Unspecified vulnerability in Oppo Coloros 11
In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure.
network
low complexity
oppo
7.5
2021-12-27 CVE-2021-23244 Unspecified vulnerability in Oppo Coloros 11
ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission.
local
low complexity
oppo
7.8
2020-11-19 CVE-2020-11829 Unspecified vulnerability in Oppo Coloros 2.0.05493E40200722
Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722.
network
low complexity
oppo
critical
9.8
2020-04-21 CVE-2020-11828 Use of Uninitialized Resource vulnerability in Oppo Coloros
In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR.
network
low complexity
oppo CWE-908
7.5