
CVE-2020-11836
https://notcve.org/view.php?id=CVE-2020-11836
05 Feb 2021 — OPPO Android phones with an MTK chipset running Android 8.1/9/10/11 have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return no. • https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1357213888449617920 •

CVE-2020-11835
https://notcve.org/view.php?id=CVE-2020-11835
31 Dec 2020 — In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_da9313.c, failure to check the parameter buf in the function proc_work_mode_write causes a vulnerability. • https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1333235676610830336 • CWE-787: Out-of-bounds Write •

CVE-2020-11834
https://notcve.org/view.php?id=CVE-2020-11834
31 Dec 2020 — In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the function proc_fastchg_fw_update_write does not check the parameter len, resulting in a vulnerability. • https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1333235676610830336 • CWE-787: Out-of-bounds Write •

CVE-2020-11833
https://notcve.org/view.php?id=CVE-2020-11833
31 Dec 2020 — In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c, the function mp2650_data_log_write does not check the parameter len, which causes a vulnerability. • https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1333235676610830336 • CWE-787: Out-of-bounds Write •

CVE-2020-11832
https://notcve.org/view.php?id=CVE-2020-11832
31 Dec 2020 — The functions charging_limit_current_write and charging_limit_time_write in /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c do not check their parameters, which causes a vulnerability. • https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1333235676610830336 • CWE-787: Out-of-bounds Write •

CVE-2020-11831
https://notcve.org/view.php?id=CVE-2020-11831
19 Nov 2020 — OvoiceManager has system permission to write vulnerability reports for arbitrary files; the affected product is com.oppo.ovoicemanager V2.0.1. • https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2020-11830
https://notcve.org/view.php?id=CVE-2020-11830
19 Nov 2020 — QualityProtect has a vulnerability that allows execution of arbitrary system commands; the affected product is com.oppo.qualityprotect V2.0. • https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696 •

CVE-2020-11829
https://notcve.org/view.php?id=CVE-2020-11829
19 Nov 2020 — Dynamic loading of services in the backup and restore SDK leads to elevated privileges; the affected product is com.coloros.codebook V2.0.0_5493e40_200722. • https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1328876061836189696 •

CVE-2020-11828
https://notcve.org/view.php?id=CVE-2020-11828
21 Apr 2020 — In ColorOS (OPPO mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function assigns the RGB value, the uninitialized value is returned to the attacker, leaking values on the stack; the vulnerability can be used by attackers to bypass ASLR. • https://security.oppo.com/cn/noticedetails.html?noticeId=20201587348300033 • CWE-908: Use of Uninitialized Resource •

CVE-2018-14996
https://notcve.org/view.php?id=CVE-2018-14996
25 Apr 2019 — The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CPH1723:7.1.1/N6F26Q/1513597833:user/release-keys contains a pre-installed platform app with a package name of com.dropboxchmod (versionCode=1, versionName=1.0) that contains an exported service named com.dropboxchmod.DropboxChmodService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app.... • https://www.kryptowire.com •