Lucene search
K

74 matches found

CNVD
CNVD
added 2020/10/29 12:0 a.m.1 views

Xiaomi Mi 9 MIUI 12.0.5 has a logic flaw vulnerability

Xiaomi Mi 9 is a phone released by Xiaomi on February 20, 2019 at 14:00 at the Beijing Institute of Technology Gymnasium. Xiaomi Mi 9 MIUI 12.0.5 has a logic flaw vulnerability. An attacker can use this vulnerability to bypass the system screen lock and transfer any malicious file to the target...

6.8AI score
Exploits0
CNVD
CNVD
added 2020/09/18 12:0 a.m.3 views

Xiaomi MIUI Information Disclosure Vulnerability

Xiaomi MIUI is a set of Android-based smartphone operating systems developed by China's Xiaomi Technology Xiaomi. An information disclosure vulnerability exists in Xiaomi MIUI version 11.0.5.0.QFAEUXM. The vulnerability can be exploited by an attacker with an NFC tool to install an application an...

7.3CVSS6.3AI score0.013EPSS
Exploits0References1
CNVD
CNVD
added 2020/03/09 12:0 a.m.4 views

Unspecified vulnerability in Xiaomi MIUI

Xiaomi MIUI is a set of Android-based smartphone operating systems developed by China's Xiaomi Technology Xiaomi. A security vulnerability exists in Xiaomi MIUI version V11.0.5.0.QFAEUXM, which originates from the program not properly handling functions used to open other components. The...

6.5CVSS6.6AI score0.01477EPSS
Exploits0References1
NVD
NVD
added 2020/03/06 5:15 p.m.23 views

CVE-2020-9530

An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetAppscom.xiaomi.mipicks mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the WebView...

6.5CVSS6.2AI score0.01477EPSS
Exploits0References2
NVD
NVD
added 2020/03/06 5:15 p.m.43 views

CVE-2020-9531

An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetAppscom.xiaomi.mipicks, the parameters passed in are read and executed. After reading the resource files, relevant components open the link of the incoming URL. Although the URL is safe and can pass...

7.3CVSS6.9AI score0.013EPSS
Exploits0References3
OSV
OSV
added 2020/03/06 5:15 p.m.3 views

CVE-2020-9531

An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetAppscom.xiaomi.mipicks, the parameters passed in are read and executed. After reading the resource files, relevant components open the link of the incoming URL. Although the URL is safe and can pass...

7.3CVSS7AI score0.013EPSS
Exploits0References3
Prion
Prion
added 2020/03/06 5:15 p.m.16 views

Design/Logic Flaw

An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetAppscom.xiaomi.mipicks mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the WebView...

4.3CVSS6.2AI score0.01477EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/03/06 5:15 p.m.21 views

Design/Logic Flaw

An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetAppscom.xiaomi.mipicks, the parameters passed in are read and executed. After reading the resource files, relevant components open the link of the incoming URL. Although the URL is safe and can pass...

4.3CVSS6.8AI score0.013EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/03/06 4:49 p.m.45 views

CVE-2020-9531

An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetAppscom.xiaomi.mipicks, the parameters passed in are read and executed. After reading the resource files, relevant components open the link of the incoming URL. Although the URL is safe and can pass...

6.9AI score0.013EPSS
Exploits0References3
CVE
CVE
added 2020/03/06 4:49 p.m.83 views

CVE-2020-9531

CVE-2020-9531 affects Xiaomi MIUI 11.0.5.0.QFAEUXM. In GetApps (com.xiaomi.mipicks) Web resources, parameters are read and executed; after parsing resource files, relevant components open the incoming URL, allowing data in the parameters to be loaded and executed. An attacker with near-field prox...

7.3CVSS6.8AI score0.013EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/03/06 4:49 p.m.26 views

CVE-2020-9530

An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetAppscom.xiaomi.mipicks mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the WebView...

6.3AI score0.01477EPSS
Exploits0References2
CVE
CVE
added 2020/03/06 4:49 p.m.62 views

CVE-2020-9530

The CVE describes an issue in Xiaomi MIUI V11.0.5.0.QFAEUXM where the GetApps export component (com.xiaomi.mipicks) mishandles opening other components. An attacker could lure a user to load malicious web pages via WebView in Messaging (com.android.MMS) in a specific network environment, leading ...

6.5CVSS6.2AI score0.01477EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/02/10 9:50 p.m.4 views

CVE-2019-13322

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Browser Prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

8.8CVSS7.5AI score0.02554EPSS
Exploits0References1
Prion
Prion
added 2019/04/18 10:29 p.m.15 views

Authentication flaw

A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials partially. This occurs because of paste acces...

2.1CVSS6.6AI score0.00538EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2019/04/18 10:29 p.m.4 views

CVE-2019-11015

A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials partially. This occurs because of paste acces...

6.8CVSS5.8AI score0.00538EPSS
Exploits1References1
NVD
NVD
added 2019/04/18 10:29 p.m.25 views

CVE-2019-11015

A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials partially. This occurs because of paste acces...

6.8CVSS6.7AI score0.00538EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/04/18 9:51 p.m.20 views

CVE-2019-11015

A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials partially. This occurs because of paste acces...

6.7AI score0.00538EPSS
Exploits1References1
CVE
CVE
added 2019/04/18 9:51 p.m.53 views

CVE-2019-11015

CVE-2019-11015 affects MIUI OS 10.1.3.0, where the Wallpaper Carousel app can enable a physically proximate attacker to bypass lockscreen authentication and access clipboard data and partial stored credentials. The underlying issue is paste access to a social-media login page. CVSS details indica...

6.8CVSS6.6AI score0.00538EPSS
Exploits1References1Affected Software1
Packet Storm
Packet Storm
added 2019/04/11 12:0 a.m.49 views

Xiaomi Mi Browser / Mint Browser URL Spoofing

Exploit Title: URL Spoofing Exploit for Xiaomi Mi Browser v10.5.6-g and Mint Browser v1.5.3 Date : 11/04/2019 Exploit Author: Arif Khan @payloadartist Vendor Homepage: www.xiaomi.com Version : v10.5.6-g and v1.5.3 Tested On : MIUI OS, v10.1.3.0 CVE : CVE-2019-10875 Exploit:...

4.3CVSS6.6AI score0.02229EPSS
Exploits2
Prion
Prion
added 2019/04/05 1:29 p.m.21 views

Spoofing

A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g aka the MIUI native browser and Mint Browser 1.5.3 due to the way they handle the "q" query parameter. The portion of an https URL before the ?q= substring is not shown to the user...

4.3CVSS6.4AI score0.02229EPSS
Exploits2References4Affected Software2
Rows per page
Query Builder