NotCVE - vendor:"Mi"

Page 16 of 91 results (0.005 seconds)

CVSS: 5.3EPSS: 0%CPEs: 39EXPL: 3

CVE-2018-20523 – Xiaomi browser 10.2.4.g - Browser Search History Disclosure

https://notcve.org/view.php?id=CVE-2018-20523

Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request. Xiaomi stock Browser versión 10.2.4.g en dispositivos Xiaomi Redmi Note 5 Pro y otros teléfonos Redmi Android, permite inyección en el proveedor de contenido. En otras palabras, una aplicación de terceros puede leer el historial del explorador del usuario en texto sin cifrar mediante una petición app.provider.query content://com.android.browser.searchhistory/searchhistory. Xiaomi browser version 10.2.4.g suffers from a browser search history disclosure vulnerability. • https://www.exploit-db.com/exploits/50188 http://packetstormsecurity.com/files/163796/Xiaomi-10.2.4.g-Information-Disclosure.html https://sec.xiaomi.com https://vishwarajbhattrai.wordpress.com/2019/03/22/content-provider-injection-in-xiaomi-stock-browser • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 4.2EPSS: 0%CPEs: 16EXPL: 0

CVE-2019-12762

https://notcve.org/view.php?id=CVE-2019-12762

Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch. Los dispositivos Xiaomi Mi 5s Plus permiten a los atacantes desencadenar anomalías de la pantalla táctil a través de una señal de radio entre 198 kHz y 203 kHz, como lo demuestra un transmisor y una antena ocultos justo debajo de la superficie de una mesa de cafetería, también conocida como Ghost Touch. • https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps https://medium.com/%40juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607 •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1

CVE-2019-12500

https://notcve.org/view.php?id=CVE-2019-12500

The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "suddenly accelerate" commands. This occurs because Bluetooth Low Energy commands have no server-side authentication check. Other affected commands include suddenly braking, locking, and unlocking. El scooter Xiaomi M365 2019-02-12 anterior a la versión 1.5.1 permite la suplantación de comandos "suddenly accelerate". Esto sucede porque los comandos Bluetooth Low Energy no tienen una comprobación de identificación en el lado del servidor. • https://blog.zimperium.com/dont-give-me-a-brake-xiaomi-scooter-hack-enables-dangerous-accelerations-and-stops-for-unsuspecting-riders • CWE-306: Missing Authentication for Critical Function •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

CVE-2018-20823

https://notcve.org/view.php?id=CVE-2018-20823

The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a denial of service (resonance and false data) via a 20.4 kHz audio signal, aka a MEMS ultrasound attack. El giroscopio en los dispositivos Xiaomi Mi 5s permite a los atacantes causar una denegación de servicio (resonancia y datos falsos) a través de una señal de audio de 20.4 kHz, también conocido como ataque de ultrasonido MEMS. • https://hackaday.com/2018/07/17/freak-out-your-smartphone-with-ultrasound https://medium.com/%40juliodellaflora/ultrassom-pode-causar-anomalias-no-girosc%C3%B3pio-do-xiaomi-mi5s-plus-4050d718bc7f • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0

CVE-2019-6743 – Xiaomi Mi6 Browser WebAssembly.Instance Out-Of-Bounds Write Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2019-6743

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WebAssembly.Instance method. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-19-366 • CWE-787: Out-of-bounds Write •

1...14 15 16 17 18