Vulnerabilities > Vivo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-17 | CVE-2021-26277 | Unspecified vulnerability in Vivo Frame Service The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions. | 9.8 |
| 2021-11-10 | CVE-2020-12488 | Exposure of Resource to Wrong Sphere vulnerability in Vivo Jovi Smart Scene 6.2.2.5 The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission. | 2.1 |
| 2021-03-23 | CVE-2020-12483 | Open Redirect vulnerability in Vivo Appstore The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters. | 5.8 |
| 2020-11-10 | CVE-2020-12485 | Out-of-bounds Read vulnerability in Vivo Frame Touch Module 10 The frame touch module does not make validity judgments on parameter lengths when processing specific parameters,which caused out of the boundary when memory access.The vulnerability eventually leads to a local DOS on the device. | 4.9 |
| 2019-04-25 | CVE-2018-15000 | Unspecified vulnerability in Vivo V7 Firmware The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.smartshot (versionCode=1, versionName=3.0.0). local vivo | 3.3 |
| 2018-12-28 | CVE-2018-15002 | Information Exposure Through Log Files vulnerability in Vivo V7 Firmware 7.1.2 The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone user. | 1.9 |
| 2018-12-28 | CVE-2018-15001 | Information Exposure Through Log Files vulnerability in Vivo V7 Firmware 1.0 The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest (versionCode=1, versionName=1.0) containing an exported activity app component named com.vivo.bsptest.BSPTestActivity that allows any app co-located on the device to initiate the writing of the logcat log, bluetooth log, and kernel log to external storage. | 2.1 |
| 2017-12-08 | CVE-2017-17463 | Information Exposure vulnerability in Vivo Modem Firmware Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and psk_wepkey fields. | 5.0 |