14 vulnerabilities by OPPO
CVE-2025-27388 (GCVE-0-2025-27388)
Vulnerability from cvelistv5 – Published: 2025-08-14 07:15 – Updated: 2025-08-14 19:37
Summary
Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| OPPO | OPPO HEALTH APP | Affected: 4.23.4 and below, ≤ 4.23.4 (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27388",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-14T19:36:20.850842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T19:37:41.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OPPO HEALTH APP",
"vendor": "OPPO",
"versions": [
{
"lessThanOrEqual": "4.23.4",
"status": "affected",
"version": "4.23.4 and below",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens."
}
],
"value": "Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens."
}
],
"impacts": [
{
"capecId": "CAPEC-639",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-639 Probe System Files"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T07:15:10.875Z",
"orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"shortName": "OPPO"
},
"references": [
{
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1955879800426209280"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary URL Loading in WebView Leading to Token Leakage Risk",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"assignerShortName": "OPPO",
"cveId": "CVE-2025-27388",
"datePublished": "2025-08-14T07:15:10.875Z",
"dateReserved": "2025-02-24T03:04:32.845Z",
"dateUpdated": "2025-08-14T19:37:41.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27387 (GCVE-0-2025-27387)
Vulnerability from cvelistv5 – Published: 2025-06-23 09:28 – Updated: 2025-06-23 12:14
Summary
OPPO Clone Phone uses a WiFi hotspot with a weak password to transfer files, resulting in information disclosure.
Severity ?
7.4 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T12:09:11.626527Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T12:14:46.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ColorOS",
"vendor": "OPPO",
"versions": [
{
"status": "affected",
"version": "15.0.2 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure."
}
],
"value": "OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure."
}
],
"impacts": [
{
"capecId": "CAPEC-112",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-112 Brute Force"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T09:33:21.089Z",
"orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"shortName": "OPPO"
},
"references": [
{
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1937080145974403072https://"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OPPPO Clone Phone uses weak WPA passphrase as only means of security",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"assignerShortName": "OPPO",
"cveId": "CVE-2025-27387",
"datePublished": "2025-06-23T09:28:08.244Z",
"dateReserved": "2025-02-24T03:04:32.845Z",
"dateUpdated": "2025-06-23T12:14:46.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1609 (GCVE-0-2024-1609)
Vulnerability from cvelistv5 – Published: 2024-12-25 03:14 – Updated: 2024-12-26 19:52
Summary
In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation.
Severity ?
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| OPPO | OPPP Store | Affected: 3.10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1609",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-26T19:51:53.624999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-26T19:52:25.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OPPP Store",
"vendor": "OPPO",
"versions": [
{
"status": "affected",
"version": "3.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn OPPOStore iOS App, there\u0027s a possible escalation of privilege due to improper input validation. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In OPPOStore iOS App, there\u0027s a possible escalation of privilege due to improper input validation."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-25T03:14:43.216Z",
"orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"shortName": "OPPO"
},
"references": [
{
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1869215920048840704"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OPPO Store APP has a WebView component privilege escalation vulnerability.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"assignerShortName": "OPPO",
"cveId": "CVE-2024-1609",
"datePublished": "2024-12-25T03:14:43.216Z",
"dateReserved": "2024-02-19T07:48:58.472Z",
"dateUpdated": "2024-12-26T19:52:25.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1610 (GCVE-0-2024-1610)
Vulnerability from cvelistv5 – Published: 2024-12-18 06:18 – Updated: 2024-12-18 15:33
Summary
In OPPO Store APP, there's a possible escalation of privilege due to improper input validation.
Severity ?
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| OPPO | OPPO Store APP | Affected: 4.32.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-1610",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-18T15:30:05.310072Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T15:33:31.880Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OPPO Store APP",
"vendor": "OPPO",
"versions": [
{
"status": "affected",
"version": "4.32.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn OPPO Store APP, there\u0027s a possible escalation of privilege due to improper input validation. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In OPPO Store APP, there\u0027s a possible escalation of privilege due to improper input validation."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T06:18:48.588Z",
"orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"shortName": "OPPO"
},
"references": [
{
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1869215920048840704"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OPPO Store app include remote account token hijacking and sensitive information leakage",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"assignerShortName": "OPPO",
"cveId": "CVE-2024-1610",
"datePublished": "2024-12-18T06:18:48.588Z",
"dateReserved": "2024-02-19T07:49:02.096Z",
"dateUpdated": "2024-12-18T15:33:31.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1608 (GCVE-0-2024-1608)
Vulnerability from cvelistv5 – Published: 2024-02-20 09:09 – Updated: 2024-08-01 18:48
Summary
In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to a loose permission check. This could lead to a leak of application-internal information without user interaction.
Severity ?
9.1 (Critical)
CWE
- Escalation of Privilege
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| OPPO | Usercenter Credit sdk | Affected: / |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:oppo:usercenter_credit_sdk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "usercenter_credit_sdk",
"vendor": "oppo",
"versions": [
{
"lessThan": "*",
"status": "unknown",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1608",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T15:24:08.747661Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-280",
"description": "CWE-280 Improper Handling of Insufficient Permissions or Privileges ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T18:51:36.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:21.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1759867611954552832"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Usercenter Credit sdk",
"vendor": "OPPO",
"versions": [
{
"status": "affected",
"version": "/"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In OPPO Usercenter Credit SDK, there\u0027s a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction."
}
],
"value": "In OPPO Usercenter Credit SDK, there\u0027s a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Escalation of Privilege"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T09:09:13.528Z",
"orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"shortName": "OPPO"
},
"references": [
{
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1759867611954552832"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OPPO Usercenter Credit sdk",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"assignerShortName": "OPPO",
"cveId": "CVE-2024-1608",
"datePublished": "2024-02-20T09:09:13.528Z",
"dateReserved": "2024-02-19T07:48:52.647Z",
"dateUpdated": "2024-08-01T18:48:21.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26311 (GCVE-0-2023-26311)
Vulnerability from cvelistv5 – Published: 2023-08-10 10:32 – Updated: 2024-10-08 14:50
Summary
A remote code execution vulnerability in the webview component of OPPO Store app.
Severity ?
7.4 (High)
CWE
- Remote Code Execution
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| OPPO | OPPO Store | Affected: 1.5.11 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:24.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1689584995217448960"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26311",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:33:02.241396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:50:29.967Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OPPO Store",
"vendor": "OPPO",
"versions": [
{
"status": "affected",
"version": "1.5.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e A remote code execution vulnerability in the webview component of OPPO Store app.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": " A remote code execution vulnerability in the webview component of OPPO Store app.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-10T10:32:31.287Z",
"orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"shortName": "OPPO"
},
"references": [
{
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1689584995217448960"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": " A remote code execution vulnerability in the webview component of OPPO Store app.",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"assignerShortName": "OPPO",
"cveId": "CVE-2023-26311",
"datePublished": "2023-08-10T10:32:31.287Z",
"dateReserved": "2023-02-21T23:18:21.568Z",
"dateUpdated": "2024-10-08T14:50:29.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26309 (GCVE-0-2023-26309)
Vulnerability from cvelistv5 – Published: 2023-08-10 08:34 – Updated: 2024-10-08 14:50
Summary
A remote code execution vulnerability in the webview component of OnePlus Store app.
Severity ?
7.4 (High)
CWE
- Remote Code Execution
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| OPPO | OnePlus Store | Affected: 3.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:23.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1689464826201645056"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26309",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:34:46.417505Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:50:47.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OnePlus Store",
"vendor": "OPPO",
"versions": [
{
"status": "affected",
"version": "3.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA remote code execution vulnerability in the webview component of OnePlus Store app.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A remote code execution vulnerability in the webview component of OnePlus Store app.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T09:39:08.276Z",
"orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"shortName": "OPPO"
},
"references": [
{
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1689464826201645056"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A remote code execution vulnerability in the webview component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"assignerShortName": "OPPO",
"cveId": "CVE-2023-26309",
"datePublished": "2023-08-10T08:34:12.390Z",
"dateReserved": "2023-02-21T23:18:21.567Z",
"dateUpdated": "2024-10-08T14:50:47.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26310 (GCVE-0-2023-26310)
Vulnerability from cvelistv5 – Published: 2023-08-09 06:13 – Updated: 2024-10-09 10:15
Summary
There is a command injection problem in the old version of the mobile phone backup app.
Severity ?
7.4 (High)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| OPPO | OPPO Find X3 | Affected: ColorOS 12.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:23.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1684402464721477632"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T15:41:23.160966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T15:41:34.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OPPO Find X3",
"vendor": "OPPO",
"versions": [
{
"status": "affected",
"version": "ColorOS 12.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is a command injection problem in the old version of the mobile phone backup app.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There is a command injection problem in the old version of the mobile phone backup app."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T10:15:15.657Z",
"orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"shortName": "OPPO"
},
"references": [
{
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1684402464721477632"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection In OPPO Service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"assignerShortName": "OPPO",
"cveId": "CVE-2023-26310",
"datePublished": "2023-08-09T06:13:22.055Z",
"dateReserved": "2023-02-21T23:18:21.568Z",
"dateUpdated": "2024-10-09T10:15:15.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23247 (GCVE-0-2021-23247)
Vulnerability from cvelistv5 – Published: 2022-04-01 22:17 – Updated: 2024-08-03 19:05
Summary
A command injection vulnerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attackers to gain arbitrary code execution in quick game engine.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | OPPO Quick App | Affected: 4.5.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1501448054614794240"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OPPO Quick App",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-01T22:17:26",
"orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"shortName": "OPPO"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1501448054614794240"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@oppo.com",
"ID": "CVE-2021-23247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OPPO Quick App",
"version": {
"version_data": [
{
"version_value": "4.5.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1501448054614794240",
"refsource": "MISC",
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1501448054614794240"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"assignerShortName": "OPPO",
"cveId": "CVE-2021-23247",
"datePublished": "2022-04-01T22:17:26",
"dateReserved": "2021-01-08T00:00:00",
"dateUpdated": "2024-08-03T19:05:55.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23244 (GCVE-0-2021-23244)
Vulnerability from cvelistv5 – Published: 2021-12-27 18:48 – Updated: 2024-08-03 19:05
Summary
ColorOS pre-grants dangerous permissions to apps that are listed in a whitelist XML named default-grant-permissions. But some apps in the whitelist are not installed, so an attacker can disguise an app with the same package name to obtain dangerous permissions.
Severity ?
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | OPPO Android Phone | Affected: OPPO Mobile phones with ColorOS 11 version |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:54.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1474214753353342976"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OPPO Android Phone",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OPPO Mobile phones with ColorOS 11 version"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-27T18:48:24",
"orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"shortName": "OPPO"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1474214753353342976"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@oppo.com",
"ID": "CVE-2021-23244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OPPO Android Phone",
"version": {
"version_data": [
{
"version_value": "OPPO Mobile phones with ColorOS 11 version"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1474214753353342976",
"refsource": "MISC",
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1474214753353342976"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"assignerShortName": "OPPO",
"cveId": "CVE-2021-23244",
"datePublished": "2021-12-27T18:48:24",
"dateReserved": "2021-01-08T00:00:00",
"dateUpdated": "2024-08-03T19:05:54.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11831 (GCVE-0-2020-11831)
Vulnerability from cvelistv5 – Published: 2020-11-19 15:51 – Updated: 2024-08-04 11:41
Summary
OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1.
Severity ?
No CVSS data available.
CWE
- privilege escalation
Assigner
References
| URL | Tags |
|---|---|
| https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | com.oppo.ovoicemanager | Affected: V2.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:41:59.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "com.oppo.ovoicemanager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V2.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-19T15:51:12",
"orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"shortName": "OPPO"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@oppo.com",
"ID": "CVE-2020-11831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "com.oppo.ovoicemanager",
"version": {
"version_data": [
{
"version_value": "V2.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696",
"refsource": "CONFIRM",
"url": "https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"assignerShortName": "OPPO",
"cveId": "CVE-2020-11831",
"datePublished": "2020-11-19T15:51:12",
"dateReserved": "2020-04-16T00:00:00",
"dateUpdated": "2024-08-04T11:41:59.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11830 (GCVE-0-2020-11830)
Vulnerability from cvelistv5 – Published: 2020-11-19 15:51 – Updated: 2024-08-04 11:42
Summary
QualityProtect has a vulnerability that allows execution of arbitrary system commands; the affected product is com.oppo.qualityprotect V2.0.
Severity ?
No CVSS data available.
CWE
- privilege escalation
Assigner
References
| URL | Tags |
|---|---|
| https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | com.oppo.qualityprotect | Affected: V2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "com.oppo.qualityprotect",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-19T15:51:09",
"orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"shortName": "OPPO"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@oppo.com",
"ID": "CVE-2020-11830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "com.oppo.qualityprotect",
"version": {
"version_data": [
{
"version_value": "V2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696",
"refsource": "CONFIRM",
"url": "https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"assignerShortName": "OPPO",
"cveId": "CVE-2020-11830",
"datePublished": "2020-11-19T15:51:09",
"dateReserved": "2020-04-16T00:00:00",
"dateUpdated": "2024-08-04T11:42:00.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11829 (GCVE-0-2020-11829)
Vulnerability from cvelistv5 – Published: 2020-11-19 15:51 – Updated: 2024-08-04 11:42
Summary
Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722.
Severity ?
No CVSS data available.
CWE
- privilege escalation
Assigner
References
| URL | Tags |
|---|---|
| https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | com.coloros.codebook | Affected: V2.0.0_5493e40_200722 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "com.coloros.codebook",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V2.0.0_5493e40_200722"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-19T15:51:07",
"orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"shortName": "OPPO"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@oppo.com",
"ID": "CVE-2020-11829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "com.coloros.codebook",
"version": {
"version_data": [
{
"version_value": "V2.0.0_5493e40_200722"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696",
"refsource": "CONFIRM",
"url": "https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"assignerShortName": "OPPO",
"cveId": "CVE-2020-11829",
"datePublished": "2020-11-19T15:51:07",
"dateReserved": "2020-04-16T00:00:00",
"dateUpdated": "2024-08-04T11:42:00.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11828 (GCVE-0-2020-11828)
Vulnerability from cvelistv5 – Published: 2020-04-21 13:42 – Updated: 2024-08-04 11:42
Summary
In ColorOS (the OPPO mobile phone operating system, based on AOSP; code position frameworks/native/services/surfaceflinger, surfaceflinger.CPP), RGB is defined on the stack but left uninitialized, so when the screenShot function assigns the RGB value, the uninitialized value is returned to the attacker. This leaks values from the stack, and an attacker can use the leak to bypass ASLR.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://security.oppo.com/cn/noticedetails.html?noticeId=20201587348300033 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.oppo.com/cn/noticedetails.html?noticeId=20201587348300033"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Color OS",
"vendor": "Oppo",
"versions": [
{
"status": "affected",
"version": "6"
},
{
"status": "affected",
"version": "7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-21T13:42:04",
"orgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"shortName": "OPPO"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.oppo.com/cn/noticedetails.html?noticeId=20201587348300033"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@oppo.com",
"ID": "CVE-2020-11828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Color OS",
"version": {
"version_data": [
{
"version_value": "6"
},
{
"version_value": "7"
}
]
}
}
]
},
"vendor_name": "Oppo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.oppo.com/cn/noticedetails.html?noticeId=20201587348300033",
"refsource": "CONFIRM",
"url": "https://security.oppo.com/cn/noticedetails.html?noticeId=20201587348300033"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f2b1ad8-5432-4d64-91a1-9099af1cc695",
"assignerShortName": "OPPO",
"cveId": "CVE-2020-11828",
"datePublished": "2020-04-21T13:42:04",
"dateReserved": "2020-04-16T00:00:00",
"dateUpdated": "2024-08-04T11:42:00.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}