ColorOS
by Oppo
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-27389 | Med | 0.33 | — | 0.00 | Dec 5, 2025 | A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning. | ||
| CVE-2021-23246 | 0.00 | — | 0.01 | Mar 11, 2022 | In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure. | |||
| CVE-2021-23244 | 0.00 | — | 0.01 | Dec 27, 2021 | ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission. | |||
| CVE-2020-11828 | 0.00 | — | 0.01 | Apr 21, 2020 | In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is… |
- risk 0.33cvss —epss 0.00
A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning.
- CVE-2021-23246Mar 11, 2022risk 0.00cvss —epss 0.01
In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure.
- CVE-2021-23244Dec 27, 2021risk 0.00cvss —epss 0.01
ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission.
- CVE-2020-11828Apr 21, 2020risk 0.00cvss —epss 0.01
In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is…