Vulnerabilities > MI
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-06 | CVE-2020-9531 | Unspecified vulnerability in MI Miui Firmware 11.0.5.0.Qfaeuxm An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. | 4.3 |
| 2020-03-06 | CVE-2020-9530 | Information Exposure vulnerability in MI Miui Firmware 11.0.5.0.Qfaeuxm An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. | 4.3 |
| 2020-03-05 | CVE-2020-8994 | Insufficiently Protected Credentials vulnerability in MI Mdz-25-Dt Firmware 1.34.36/1.40.14 An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. | 7.2 |
| 2020-02-10 | CVE-2019-13322 | Improper Input Validation vulnerability in MI Browser This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Browser Prior to 10.4.0. | 6.8 |
| 2020-02-10 | CVE-2019-13321 | Incorrect Permission Assignment for Critical Resource vulnerability in MI Browser This vulnerability allows network adjacent attackers to execute arbitrary code on affected installations of Xiaomi Browser Prior to 10.4.0. | 5.4 |
| 2019-12-20 | CVE-2019-15915 | Improper Input Validation vulnerability in MI products An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCGQ01LM devices. | 5.0 |
| 2019-12-20 | CVE-2019-15914 | Improper Input Validation vulnerability in MI products An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. | 5.0 |
| 2019-12-20 | CVE-2019-15913 | Authorization Bypass Through User-Controlled Key vulnerability in MI products An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. | 7.5 |
| 2019-11-14 | CVE-2019-15475 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI A3 Firmware The Xiaomi Mi A3 Android device with a build fingerprint of xiaomi/onc_eea/onc:9/PKQ1.181021.001/V10.2.8.0.PFLEUXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. | 2.1 |
| 2019-11-14 | CVE-2019-15474 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in MI Cepheus Firmware The Xiaomi Cepheus Android device with a build fingerprint of Xiaomi/cepheus/cepheus:9/PKQ1.181121.001/V10.2.6.0.PFAMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. | 2.1 |