74 matches found
Xiaomi Mi 9 MIUI 12.0.5 has a logic flaw vulnerability
Xiaomi Mi 9 is a phone released by Xiaomi on February 20, 2019 at 14:00 at the Beijing Institute of Technology Gymnasium. Xiaomi Mi 9 MIUI 12.0.5 has a logic flaw vulnerability. An attacker can use this vulnerability to bypass the system screen lock and transfer any malicious file to the target...
Xiaomi MIUI Information Disclosure Vulnerability
Xiaomi MIUI is a set of Android-based smartphone operating systems developed by China's Xiaomi Technology Xiaomi. An information disclosure vulnerability exists in Xiaomi MIUI version 11.0.5.0.QFAEUXM. The vulnerability can be exploited by an attacker with an NFC tool to install an application an...
Unspecified vulnerability in Xiaomi MIUI
Xiaomi MIUI is a set of Android-based smartphone operating systems developed by China's Xiaomi Technology Xiaomi. A security vulnerability exists in Xiaomi MIUI version V11.0.5.0.QFAEUXM, which originates from the program not properly handling functions used to open other components. The...
CVE-2020-9530
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetAppscom.xiaomi.mipicks mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the WebView...
CVE-2020-9531
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetAppscom.xiaomi.mipicks, the parameters passed in are read and executed. After reading the resource files, relevant components open the link of the incoming URL. Although the URL is safe and can pass...
CVE-2020-9531
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetAppscom.xiaomi.mipicks, the parameters passed in are read and executed. After reading the resource files, relevant components open the link of the incoming URL. Although the URL is safe and can pass...
Design/Logic Flaw
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetAppscom.xiaomi.mipicks mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the WebView...
Design/Logic Flaw
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetAppscom.xiaomi.mipicks, the parameters passed in are read and executed. After reading the resource files, relevant components open the link of the incoming URL. Although the URL is safe and can pass...
CVE-2020-9531
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetAppscom.xiaomi.mipicks, the parameters passed in are read and executed. After reading the resource files, relevant components open the link of the incoming URL. Although the URL is safe and can pass...
CVE-2020-9531
CVE-2020-9531 affects Xiaomi MIUI 11.0.5.0.QFAEUXM. In GetApps (com.xiaomi.mipicks) Web resources, parameters are read and executed; after parsing resource files, relevant components open the incoming URL, allowing data in the parameters to be loaded and executed. An attacker with near-field prox...
CVE-2020-9530
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetAppscom.xiaomi.mipicks mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the WebView...
CVE-2020-9530
The CVE describes an issue in Xiaomi MIUI V11.0.5.0.QFAEUXM where the GetApps export component (com.xiaomi.mipicks) mishandles opening other components. An attacker could lure a user to load malicious web pages via WebView in Messaging (com.android.MMS) in a specific network environment, leading ...
CVE-2019-13322
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Browser Prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...
Authentication flaw
A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials partially. This occurs because of paste acces...
CVE-2019-11015
A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials partially. This occurs because of paste acces...
CVE-2019-11015
A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials partially. This occurs because of paste acces...
CVE-2019-11015
A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials partially. This occurs because of paste acces...
CVE-2019-11015
CVE-2019-11015 affects MIUI OS 10.1.3.0, where the Wallpaper Carousel app can enable a physically proximate attacker to bypass lockscreen authentication and access clipboard data and partial stored credentials. The underlying issue is paste access to a social-media login page. CVSS details indica...
Xiaomi Mi Browser / Mint Browser URL Spoofing
Exploit Title: URL Spoofing Exploit for Xiaomi Mi Browser v10.5.6-g and Mint Browser v1.5.3 Date : 11/04/2019 Exploit Author: Arif Khan @payloadartist Vendor Homepage: www.xiaomi.com Version : v10.5.6-g and v1.5.3 Tested On : MIUI OS, v10.1.3.0 CVE : CVE-2019-10875 Exploit:...
Spoofing
A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g aka the MIUI native browser and Mint Browser 1.5.3 due to the way they handle the "q" query parameter. The portion of an https URL before the ?q= substring is not shown to the user...