Vulnerabilities > MI > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-07 | CVE-2018-20523 | Command Injection vulnerability in MI products Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. | 5.0 |
| 2019-06-06 | CVE-2019-12762 | Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch. | 4.2 |
| 2019-04-05 | CVE-2019-10875 | Authentication Bypass by Spoofing vulnerability in MI Browser and Mint Browser A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the "q" query parameter. | 4.3 |
| 2019-02-17 | CVE-2019-8413 | NULL Pointer Dereference vulnerability in MI MIX 2 Firmware 4.4.78 On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661). | 4.9 |
| 2018-12-24 | CVE-2018-18698 | Insufficiently Protected Credentials vulnerability in MI Xiaomi Mi-A1 Firmware An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. | 5.0 |
| 2018-11-27 | CVE-2018-13022 | Cross-site Scripting vulnerability in MI Miwifi OS 2.22.15 Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path. | 4.3 |
| 2018-09-05 | CVE-2018-16307 | Information Exposure vulnerability in MI Xiaomi Miwifi Xiaomi 55Dd Firmware 2.8.50 An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. | 5.0 |