Vulnerabilities > Oppo

DATE CVE VULNERABILITY TITLE RISK
2020-11-19 CVE-2020-11830 Unspecified vulnerability in Oppo Qualityprotect 2.0
QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0.
network
low complexity
oppo
critical
9.8
2020-11-19 CVE-2020-11829 Unspecified vulnerability in Oppo Coloros 2.0.05493E40200722
Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722.
network
low complexity
oppo
critical
9.8
2020-04-21 CVE-2020-11828 Use of Uninitialized Resource vulnerability in Oppo Coloros
In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR.
network
low complexity
oppo CWE-908
7.5
2019-04-25 CVE-2018-14996 Unspecified vulnerability in Oppo F5 Firmware
The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CPH1723:7.1.1/N6F26Q/1513597833:user/release-keys contains a pre-installed platform app with a package name of com.dropboxchmod (versionCode=1, versionName=1.0) that contains an exported service named com.dropboxchmod.DropboxChmodService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user.
local
low complexity
oppo
7.8