Skip to main content

Coloros

4 CVEs product

Monthly

CVE-2023-26310 CRITICAL Act Now

There is a command injection problem in the old version of the mobile phone backup app. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Coloros
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-23244 HIGH This Week

ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coloros
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-11829 CRITICAL Act Now

Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coloros
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-11828 HIGH This Week

In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coloros
NVD
CVSS 3.1
7.5
EPSS
1.2%
EPSS 1% CVSS 9.8
CRITICAL Act Now

There is a command injection problem in the old version of the mobile phone backup app. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Coloros
NVD
EPSS 1% CVSS 7.8
HIGH This Week

ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coloros
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coloros
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coloros
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy