Vulnerabilities > MI
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-18 | CVE-2019-15843 | Unrestricted Upload of File with Dangerous Type vulnerability in MI Xiaomi Millet Firmware 16.3.9.3 A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. | 7.4 |
| 2019-06-07 | CVE-2018-20523 | Command Injection vulnerability in MI products Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. | 5.3 |
| 2019-06-06 | CVE-2019-12762 | Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch. | 4.2 |
| 2019-06-03 | CVE-2019-6743 | Out-of-bounds Write vulnerability in MI MI6 Browser This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0. | 8.8 |
| 2019-05-31 | CVE-2019-12500 | Missing Authentication for Critical Function vulnerability in MI M365 Firmware The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "suddenly accelerate" commands. | 6.5 |
| 2019-04-25 | CVE-2018-20823 | Improper Input Validation vulnerability in MI 5S Firmware The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a denial of service (resonance and false data) via a 20.4 kHz audio signal, aka a MEMS ultrasound attack. | 7.5 |
| 2019-04-05 | CVE-2019-10875 | Authentication Bypass by Spoofing vulnerability in MI Browser and Mint Browser A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the "q" query parameter. | 6.5 |
| 2019-02-17 | CVE-2019-8413 | NULL Pointer Dereference vulnerability in MI MIX 2 Firmware 4.4.78 On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661). | 5.5 |
| 2018-12-24 | CVE-2018-18698 | Insufficiently Protected Credentials vulnerability in MI Xiaomi Mi-A1 Firmware An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. | 9.8 |
| 2018-12-07 | CVE-2018-19939 | NULL Pointer Dereference vulnerability in MI A2 Lite Firmware and Redmi 6 Firmware The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c. | 7.5 |