Coloros Security Vulnerabilities

CVE-2023-26310

There is a command injection problem in the old version of the mobile phone backup...

CVE-2021-23246

In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information...

CVE-2021-23244

ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous...

CVE-2020-11829

Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook...

CVE-2020-11828

In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the...