There is a command injection problem in the old version of the mobile phone backup...
9.8CVSS
9.6AI Score
0.001EPSS
In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information...
7.5CVSS
7.2AI Score
0.002EPSS
ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous...
7.8CVSS
7.4AI Score
0.001EPSS
Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook...
9.8CVSS
9.3AI Score
0.002EPSS
In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the...
7.5CVSS
7.5AI Score
0.002EPSS