Filtered by vendor Oppo
Subscriptions
Total
21 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-27389 | 1 Oppo | 1 Coloros | 2025-12-05 | N/A |
| A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning. | ||||
| CVE-2025-57452 | 2 Oppo, Realme | 2 Coloros, Clone Phone | 2025-10-08 | 6.1 Medium |
| In realme BackupRestore app v15.1.12_2810c08_250314, improper URI scheme handling in com.coloros.pc.PcToolMainActivity allows local attackers to cause a crash and potential XSS via crafted ADB intents. | ||||
| CVE-2025-27388 | 1 Oppo | 1 Health App | 2025-08-16 | N/A |
| Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens. | ||||
| CVE-2025-27387 | 1 Oppo | 1 Oppo Clone Phone | 2025-06-27 | 7.4 High |
| OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure. | ||||
| CVE-2024-1608 | 1 Oppo | 1 Usercenter Credit Software Development Kit | 2025-04-02 | 9.1 Critical |
| In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction. | ||||
| CVE-2023-26311 | 1 Oppo | 1 Oppo Store | 2024-11-21 | 7.4 High |
| A remote code execution vulnerability in the webview component of OPPO Store app. | ||||
| CVE-2023-26310 | 1 Oppo | 2 Coloros, Find X3 | 2024-11-21 | 7.4 High |
| There is a command injection problem in the old version of the mobile phone backup app. | ||||
| CVE-2021-23247 | 1 Oppo | 1 Quick App | 2024-11-21 | 9.8 Critical |
| A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine | ||||
| CVE-2021-23246 | 1 Oppo | 2 Ace2, Coloros | 2024-11-21 | 7.5 High |
| In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure. | ||||
| CVE-2021-23244 | 1 Oppo | 1 Coloros | 2024-11-21 | 7.8 High |
| ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission. | ||||
| CVE-2021-23243 | 2 Google, Oppo | 36 Android, Oppo A12, Oppo A15 and 33 more | 2024-11-21 | 7.8 High |
| In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used. | ||||
| CVE-2020-11836 | 2 Google, Oppo | 19 Android, A12, A15 and 16 more | 2024-11-21 | 5.5 Medium |
| OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return no. | ||||
| CVE-2020-11835 | 1 Oppo | 4 Find X2 Pro, Find X2 Pro Firmware, Reno3 Pro and 1 more | 2024-11-21 | 5.5 Medium |
| In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_da9313.c, failure to check the parameter buf in the function proc_work_mode_write in proc_work_mode_write causes a vulnerability. | ||||
| CVE-2020-11834 | 1 Oppo | 4 Find X2 Pro, Find X2 Pro Firmware, Reno3 Pro and 1 more | 2024-11-21 | 5.5 Medium |
| In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the function proc_fastchg_fw_update_write in proc_fastchg_fw_update_write does not check the parameter len, resulting in a vulnerability. | ||||
| CVE-2020-11833 | 1 Oppo | 4 Find X2 Pro, Find X2 Pro Firmware, Reno3 Pro and 1 more | 2024-11-21 | 5.5 Medium |
| In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c, the function mp2650_data_log_write in mp2650_data_log_write does not check the parameter len which causes a vulnerability. | ||||
| CVE-2020-11832 | 1 Oppo | 4 Find X2 Pro, Find X2 Pro Firmware, Reno3 Pro and 1 more | 2024-11-21 | 5.5 Medium |
| In functions charging_limit_current_write and charging_limit_time_write in /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c have not checked the parameters, which causes a vulnerability. | ||||
| CVE-2020-11831 | 1 Oppo | 1 Ovoicemanager | 2024-11-21 | 9.8 Critical |
| OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1. | ||||
| CVE-2020-11830 | 1 Oppo | 1 Qualityprotect | 2024-11-21 | 9.8 Critical |
| QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0. | ||||
| CVE-2020-11829 | 1 Oppo | 1 Coloros | 2024-11-21 | 9.8 Critical |
| Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722. | ||||
| CVE-2020-11828 | 1 Oppo | 1 Coloros | 2024-11-21 | 7.5 High |
| In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR. | ||||