VYPR

ColorOS

by Oppo

CVEs (4)

  • CVE-2025-27389MedDec 5, 2025
    risk 0.33cvss epss 0.00

    A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning.

  • CVE-2021-23246Mar 11, 2022
    risk 0.00cvss epss 0.01

    In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure.

  • CVE-2021-23244Dec 27, 2021
    risk 0.00cvss epss 0.01

    ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission.

  • CVE-2020-11828Apr 21, 2020
    risk 0.00cvss epss 0.01

    In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is…