CVE-2025-27387
- EPSS 0.02%
- Veröffentlicht 23.06.2025 09:28:08
- Zuletzt bearbeitet 23.06.2025 20:16:21
OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure.
CVE-2023-26310
- EPSS 0.51%
- Veröffentlicht 09.08.2023 07:15:10
- Zuletzt bearbeitet 21.11.2024 07:51:06
There is a command injection problem in the old version of the mobile phone backup app.
CVE-2021-23246
- EPSS 0.32%
- Veröffentlicht 11.03.2022 18:15:09
- Zuletzt bearbeitet 21.11.2024 05:51:26
In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure.
CVE-2021-23244
- EPSS 0.16%
- Veröffentlicht 27.12.2021 19:15:08
- Zuletzt bearbeitet 21.11.2024 05:51:26
ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission.
CVE-2020-11829
- EPSS 0.5%
- Veröffentlicht 19.11.2020 16:15:10
- Zuletzt bearbeitet 21.11.2024 04:58:43
Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722.
CVE-2020-11828
- EPSS 0.32%
- Veröffentlicht 21.04.2020 14:15:11
- Zuletzt bearbeitet 21.11.2024 04:58:42
In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will no...