Search criteria
21 vulnerabilities found for miui by mi
VAR-202003-1400
Vulnerability from variot - Updated: 2024-11-23 22:58An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetApps(com.xiaomi.mipicks), the parameters passed in are read and executed. After reading the resource files, relevant components open the link of the incoming URL. Although the URL is safe and can pass security detection, the data carried in the parameters are loaded and executed. An attacker can use NFC tools to get close enough to a user's unlocked phone to cause apps to be installed and information to be leaked. This is fixed on version: 2001122. Xiaomi MIUI The device contains a vulnerability related to information leakage.Information may be obtained and tampered with. The issue lies in the ability to send an intent that would not otherwise be permitted. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Xiaomi Mi9 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within Xiaomi GetApps webview. By manipulating HTML, an attacker can force a page redirection. An attacker can leverage this vulnerability to execute code in the context of the current process
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "miui",
"scope": "eq",
"trust": 1.0,
"vendor": "mi",
"version": "11.0.5.0.qfaeuxm"
},
{
"_id": null,
"model": "miui",
"scope": "eq",
"trust": 0.8,
"vendor": "xiaomi",
"version": "11.0.5.0.qfaeuxm"
},
{
"_id": null,
"model": "mi6",
"scope": null,
"trust": 0.7,
"vendor": "xiaomi",
"version": null
},
{
"_id": null,
"model": "browser",
"scope": null,
"trust": 0.7,
"vendor": "xiaomi",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-288"
},
{
"db": "ZDI",
"id": "ZDI-20-287"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002530"
},
{
"db": "NVD",
"id": "CVE-2020-9531"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:xiaomi:miui_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002530"
}
]
},
"credits": {
"_id": null,
"data": "@FSecureLabs",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-288"
},
{
"db": "ZDI",
"id": "ZDI-20-287"
}
],
"trust": 1.4
},
"cve": "CVE-2020-9531",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2020-9531",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-002530",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"id": "CVE-2020-9531",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-002530",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2020-9531",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.1,
"id": "CVE-2020-9531",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2020-9531",
"trust": 1.4,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-9531",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-002530",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-242",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-288"
},
{
"db": "ZDI",
"id": "ZDI-20-287"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002530"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-242"
},
{
"db": "NVD",
"id": "CVE-2020-9531"
}
]
},
"description": {
"_id": null,
"data": "An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetApps(com.xiaomi.mipicks), the parameters passed in are read and executed. After reading the resource files, relevant components open the link of the incoming URL. Although the URL is safe and can pass security detection, the data carried in the parameters are loaded and executed. An attacker can use NFC tools to get close enough to a user\u0027s unlocked phone to cause apps to be installed and information to be leaked. This is fixed on version: 2001122. Xiaomi MIUI The device contains a vulnerability related to information leakage.Information may be obtained and tampered with. The issue lies in the ability to send an intent that would not otherwise be permitted. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Xiaomi Mi9 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within Xiaomi GetApps webview. By manipulating HTML, an attacker can force a page redirection. An attacker can leverage this vulnerability to execute code in the context of the current process",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9531"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002530"
},
{
"db": "ZDI",
"id": "ZDI-20-288"
},
{
"db": "ZDI",
"id": "ZDI-20-287"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-9531",
"trust": 3.8
},
{
"db": "ZDI",
"id": "ZDI-20-288",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-20-287",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002530",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9657",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9656",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202003-242",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-288"
},
{
"db": "ZDI",
"id": "ZDI-20-287"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002530"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-242"
},
{
"db": "NVD",
"id": "CVE-2020-9531"
}
]
},
"id": "VAR-202003-1400",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.7
},
"last_update_date": "2024-11-23T22:58:20.086000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Thank you Letter | Thanks to FSecureLabs for supporting Xiaomi Security",
"trust": 0.8,
"url": "https://sec.xiaomi.com/post/180"
},
{
"title": "Xiaomi MIUI Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111632"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002530"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-242"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002530"
},
{
"db": "NVD",
"id": "CVE-2020-9531"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.2,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-288/"
},
{
"trust": 1.6,
"url": "https://sec.xiaomi.com/post/180"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-287/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9531"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9531"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002530"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-242"
},
{
"db": "NVD",
"id": "CVE-2020-9531"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-20-288",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-287",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002530",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202003-242",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-9531",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "ZDI",
"id": "ZDI-20-288",
"ident": null
},
{
"date": "2020-03-12T00:00:00",
"db": "ZDI",
"id": "ZDI-20-287",
"ident": null
},
{
"date": "2020-03-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002530",
"ident": null
},
{
"date": "2020-03-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-242",
"ident": null
},
{
"date": "2020-03-06T17:15:12.587000",
"db": "NVD",
"id": "CVE-2020-9531",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "ZDI",
"id": "ZDI-20-288",
"ident": null
},
{
"date": "2020-03-12T00:00:00",
"db": "ZDI",
"id": "ZDI-20-287",
"ident": null
},
{
"date": "2020-03-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002530",
"ident": null
},
{
"date": "2022-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-242",
"ident": null
},
{
"date": "2024-11-21T05:40:49.077000",
"db": "NVD",
"id": "CVE-2020-9531",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-242"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Xiaomi MIUI Information leakage vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002530"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-242"
}
],
"trust": 0.6
}
}
VAR-202104-0012
Vulnerability from variot - Updated: 2024-11-23 22:54The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. Xiaomi 10 MIUI Contains an unspecified vulnerability.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-0012",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "miui",
"scope": "lt",
"trust": 1.0,
"vendor": "mi",
"version": "2020.01.15"
},
{
"model": "miui",
"scope": "eq",
"trust": 0.8,
"vendor": "xiaomi",
"version": null
},
{
"model": "miui",
"scope": "eq",
"trust": 0.8,
"vendor": "xiaomi",
"version": "miui firmware 2020/01/15 before that"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016518"
},
{
"db": "NVD",
"id": "CVE-2020-14103"
}
]
},
"cve": "CVE-2020-14103",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-14103",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-14103",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-14103",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-14103",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-14103",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-474",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-14103",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-14103"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016518"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-474"
},
{
"db": "NVD",
"id": "CVE-2020-14103"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI \u003c 2020.01.15. Xiaomi 10 MIUI Contains an unspecified vulnerability.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14103"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016518"
},
{
"db": "VULMON",
"id": "CVE-2020-14103"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14103",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016518",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202104-474",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-14103",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-14103"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016518"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-474"
},
{
"db": "NVD",
"id": "CVE-2020-14103"
}
]
},
"id": "VAR-202104-0012",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.7
},
"last_update_date": "2024-11-23T22:54:52.820000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://trust.mi.com/en"
},
{
"title": "Xiaomi MIUI OS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147206"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016518"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-474"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016518"
},
{
"db": "NVD",
"id": "CVE-2020-14103"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=27\u0026locale=zh"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14103"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-14103"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016518"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-474"
},
{
"db": "NVD",
"id": "CVE-2020-14103"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-14103"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016518"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-474"
},
{
"db": "NVD",
"id": "CVE-2020-14103"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-14103"
},
{
"date": "2021-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-016518"
},
{
"date": "2021-04-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-474"
},
{
"date": "2021-04-08T21:15:13.207000",
"db": "NVD",
"id": "CVE-2020-14103"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-14T00:00:00",
"db": "VULMON",
"id": "CVE-2020-14103"
},
{
"date": "2021-12-14T05:28:00",
"db": "JVNDB",
"id": "JVNDB-2020-016518"
},
{
"date": "2021-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-474"
},
{
"date": "2024-11-21T05:02:39.220000",
"db": "NVD",
"id": "CVE-2020-14103"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-474"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Xiaomi\u00a010\u00a0MIUI\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016518"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-474"
}
],
"trust": 0.6
}
}
VAR-202003-1399
Vulnerability from variot - Updated: 2024-11-23 22:48An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetApps(com.xiaomi.mipicks) mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the WebView component of Messaging(com.android.MMS) and loading malicious web pages, information leakage can occur. This is fixed on version: 2001122; 11.0.1.54. Xiaomi MIUI The device contains a vulnerability related to information leakage.Information may be obtained. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Mi9 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of manualUpgradeInfo objects. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the current process. Xiaomi MIUI is an Android-based smartphone operating system developed by China's Xiaomi Technology Company (Xiaomi). There is a security vulnerability in Xiaomi MIUI V11.0.5.0.QFAEUXM version, the vulnerability stems from the fact that the program does not properly handle the function used to open other components. An attacker can exploit this vulnerability to obtain information through a specially crafted web page
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "miui",
"scope": "eq",
"trust": 1.6,
"vendor": "mi",
"version": "11.0.5.0.qfaeuxm"
},
{
"_id": null,
"model": "miui",
"scope": "eq",
"trust": 0.8,
"vendor": "xiaomi",
"version": "11.0.5.0.qfaeuxm"
},
{
"_id": null,
"model": "browser",
"scope": null,
"trust": 0.7,
"vendor": "xiaomi",
"version": null
},
{
"_id": null,
"model": "miui",
"scope": "eq",
"trust": 0.6,
"vendor": "mi",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-289"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002531"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-246"
},
{
"db": "NVD",
"id": "CVE-2020-9530"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:xiaomi:miui_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002531"
}
]
},
"credits": {
"_id": null,
"data": "@fluoroacetate",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-289"
}
],
"trust": 0.7
},
"cve": "CVE-2020-9530",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-9530",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-002531",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-187655",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-9530",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-002531",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-9530",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-9530",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-002531",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2020-9530",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-246",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-187655",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-289"
},
{
"db": "VULHUB",
"id": "VHN-187655"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002531"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-246"
},
{
"db": "NVD",
"id": "CVE-2020-9530"
}
]
},
"description": {
"_id": null,
"data": "An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetApps(com.xiaomi.mipicks) mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the WebView component of Messaging(com.android.MMS) and loading malicious web pages, information leakage can occur. This is fixed on version: 2001122; 11.0.1.54. Xiaomi MIUI The device contains a vulnerability related to information leakage.Information may be obtained. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Mi9 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of manualUpgradeInfo objects. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the current process. Xiaomi MIUI is an Android-based smartphone operating system developed by China\u0027s Xiaomi Technology Company (Xiaomi). There is a security vulnerability in Xiaomi MIUI V11.0.5.0.QFAEUXM version, the vulnerability stems from the fact that the program does not properly handle the function used to open other components. An attacker can exploit this vulnerability to obtain information through a specially crafted web page",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9530"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002531"
},
{
"db": "ZDI",
"id": "ZDI-20-289"
},
{
"db": "VULHUB",
"id": "VHN-187655"
}
],
"trust": 2.34
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-9530",
"trust": 3.2
},
{
"db": "ZDI",
"id": "ZDI-20-289",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002531",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9665",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202003-246",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-16489",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-187655",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-289"
},
{
"db": "VULHUB",
"id": "VHN-187655"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002531"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-246"
},
{
"db": "NVD",
"id": "CVE-2020-9530"
}
]
},
"id": "VAR-202003-1399",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-187655"
}
],
"trust": 0.7999999999999999
},
"last_update_date": "2024-11-23T22:48:03.148000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Thank you Letter | Thanks to FSecureLabs for supporting Xiaomi Security",
"trust": 0.8,
"url": "https://sec.xiaomi.com/post/180"
},
{
"title": "Xiaomi MIUI Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111273"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002531"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-246"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-94",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187655"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002531"
},
{
"db": "NVD",
"id": "CVE-2020-9530"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.7,
"url": "https://sec.xiaomi.com/post/180"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-289/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9530"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9530"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187655"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002531"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-246"
},
{
"db": "NVD",
"id": "CVE-2020-9530"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-20-289",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-187655",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002531",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202003-246",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-9530",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "ZDI",
"id": "ZDI-20-289",
"ident": null
},
{
"date": "2020-03-06T00:00:00",
"db": "VULHUB",
"id": "VHN-187655",
"ident": null
},
{
"date": "2020-03-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002531",
"ident": null
},
{
"date": "2020-03-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-246",
"ident": null
},
{
"date": "2020-03-06T17:15:12.493000",
"db": "NVD",
"id": "CVE-2020-9530",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-03-12T00:00:00",
"db": "ZDI",
"id": "ZDI-20-289",
"ident": null
},
{
"date": "2021-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-187655",
"ident": null
},
{
"date": "2020-03-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002531",
"ident": null
},
{
"date": "2020-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-246",
"ident": null
},
{
"date": "2024-11-21T05:40:48.940000",
"db": "NVD",
"id": "CVE-2020-9530",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-246"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Xiaomi MIUI Information leakage vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002531"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-246"
}
],
"trust": 0.6
}
}
VAR-202104-0015
Vulnerability from variot - Updated: 2024-11-23 22:29The application in the mobile phone can unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI < 2021.01.26
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-0015",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "miui",
"scope": "lt",
"trust": 1.0,
"vendor": "mi",
"version": "2021.01.26"
},
{
"model": "miui",
"scope": "eq",
"trust": 0.8,
"vendor": "xiaomi",
"version": null
},
{
"model": "miui",
"scope": "eq",
"trust": 0.8,
"vendor": "xiaomi",
"version": "miui firmware 2021/01/26 before that"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016517"
},
{
"db": "NVD",
"id": "CVE-2020-14106"
}
]
},
"cve": "CVE-2020-14106",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-14106",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-14106",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-14106",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-14106",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-14106",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-472",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-14106",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-14106"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016517"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-472"
},
{
"db": "NVD",
"id": "CVE-2020-14106"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The application in the mobile phone can unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI \u003c 2021.01.26",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14106"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016517"
},
{
"db": "VULMON",
"id": "CVE-2020-14106"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14106",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016517",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202104-472",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-14106",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-14106"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016517"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-472"
},
{
"db": "NVD",
"id": "CVE-2020-14106"
}
]
},
"id": "VAR-202104-0015",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.7
},
"last_update_date": "2024-11-23T22:29:17.192000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://trust.mi.com/en"
},
{
"title": "Xiaomi Mobile Phone MIUI Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147204"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016517"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-472"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.0
},
{
"problemtype": "Bad authentication (CWE-863) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016517"
},
{
"db": "NVD",
"id": "CVE-2020-14106"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=29\u0026locale=zh"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14106"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/863.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-14106"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016517"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-472"
},
{
"db": "NVD",
"id": "CVE-2020-14106"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-14106"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016517"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-472"
},
{
"db": "NVD",
"id": "CVE-2020-14106"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-14106"
},
{
"date": "2021-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-016517"
},
{
"date": "2021-04-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-472"
},
{
"date": "2021-04-08T21:15:13.297000",
"db": "NVD",
"id": "CVE-2020-14106"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-14T00:00:00",
"db": "VULMON",
"id": "CVE-2020-14106"
},
{
"date": "2021-12-14T05:27:00",
"db": "JVNDB",
"id": "JVNDB-2020-016517"
},
{
"date": "2021-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-472"
},
{
"date": "2024-11-21T05:02:39.760000",
"db": "NVD",
"id": "CVE-2020-14106"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-472"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Xiaomi\u00a0 Mobile phone \u00a0MIUI\u00a0 Authentication Vulnerability in Microsoft",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016517"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-472"
}
],
"trust": 0.6
}
}
VAR-202104-0014
Vulnerability from variot - Updated: 2024-11-23 21:58The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. Xiaomi 10 is a smartphone of the Chinese company Xiaomi.
There is an information disclosure vulnerability in Xiaomi 10 MIUI 2020.01.15 and earlier versions. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-0014",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "miui",
"scope": "lt",
"trust": 1.0,
"vendor": "mi",
"version": "2020.01.15"
},
{
"model": "miui",
"scope": "eq",
"trust": 0.6,
"vendor": "xiaomi",
"version": "10\u003c2020.01.15"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-31471"
},
{
"db": "NVD",
"id": "CVE-2020-14105"
}
]
},
"cve": "CVE-2020-14105",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-14105",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2021-31471",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-14105",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-14105",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2021-31471",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-1575",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-14105",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-31471"
},
{
"db": "VULMON",
"id": "CVE-2020-14105"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1575"
},
{
"db": "NVD",
"id": "CVE-2020-14105"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI \u003c 2020.01.15. Xiaomi 10 is a smartphone of the Chinese company Xiaomi. \n\r\n\r\nThere is an information disclosure vulnerability in Xiaomi 10 MIUI 2020.01.15 and earlier versions. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14105"
},
{
"db": "CNVD",
"id": "CNVD-2021-31471"
},
{
"db": "VULMON",
"id": "CVE-2020-14105"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14105",
"trust": 2.3
},
{
"db": "CNVD",
"id": "CNVD-2021-31471",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1575",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-14105",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-31471"
},
{
"db": "VULMON",
"id": "CVE-2020-14105"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1575"
},
{
"db": "NVD",
"id": "CVE-2020-14105"
}
]
},
"id": "VAR-202104-0014",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-31471"
}
],
"trust": 1.2999999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-31471"
}
]
},
"last_update_date": "2024-11-23T21:58:42.370000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Xiaomi 10 MIUI SNO information disclosure vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/261546"
},
{
"title": "Xiaomi 10 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148442"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-31471"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1575"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14105"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28\u0026locale=zh"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14105"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-31471"
},
{
"db": "VULMON",
"id": "CVE-2020-14105"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1575"
},
{
"db": "NVD",
"id": "CVE-2020-14105"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-31471"
},
{
"db": "VULMON",
"id": "CVE-2020-14105"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1575"
},
{
"db": "NVD",
"id": "CVE-2020-14105"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-31471"
},
{
"date": "2021-04-20T00:00:00",
"db": "VULMON",
"id": "CVE-2020-14105"
},
{
"date": "2021-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-1575"
},
{
"date": "2021-04-20T16:15:10.120000",
"db": "NVD",
"id": "CVE-2020-14105"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-31471"
},
{
"date": "2021-04-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-14105"
},
{
"date": "2021-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-1575"
},
{
"date": "2024-11-21T05:02:39.537000",
"db": "NVD",
"id": "CVE-2020-14105"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-1575"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Xiaomi 10 MIUI SNO information disclosure vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-31471"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-1575"
}
],
"trust": 0.6
}
}
CVE-2020-14127 (GCVE-0-2020-14127)
Vulnerability from nvd – Published: 2022-07-14 14:46 – Updated: 2024-08-04 12:39
VLAI?
Summary
A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service.
Severity ?
No CVSS data available.
CWE
- Denial of service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Redmi K40 ,Redmi Note10 Pro |
Affected:
Redmi K40 MIUI<2022.07.01 ,Redmi Note10 Pro MIUI<2022.07.01
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=169"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Redmi K40 ,Redmi Note10 Pro",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Redmi K40 MIUI\u003c2022.07.01 ,Redmi Note10 Pro MIUI\u003c2022.07.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T14:46:49",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=169"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Redmi K40 ,Redmi Note10 Pro",
"version": {
"version_data": [
{
"version_value": "Redmi K40 MIUI\u003c2022.07.01 ,Redmi Note10 Pro MIUI\u003c2022.07.01"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=169",
"refsource": "MISC",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=169"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14127",
"datePublished": "2022-07-14T14:46:49",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14125 (GCVE-0-2020-14125)
Vulnerability from nvd – Published: 2022-06-08 14:14 – Updated: 2024-08-04 12:39
VLAI?
Summary
A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to make denial of service.
Severity ?
No CVSS data available.
CWE
- Denial of service vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Redmi Note 11 ,Redmi Note 9T |
Affected:
Redmi Note 11 MIUI<2022.01.26, Redmi Note 9T MIUI<2022.01.26
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=170"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Redmi Note 11 ,Redmi Note 9T",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Redmi Note 11 MIUI\u003c2022.01.26, Redmi Note 9T MIUI\u003c2022.01.26"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to make denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-08T14:14:57",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=170"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Redmi Note 11 ,Redmi Note 9T",
"version": {
"version_data": [
{
"version_value": "Redmi Note 11 MIUI\u003c2022.01.26, Redmi Note 9T MIUI\u003c2022.01.26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to make denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=170",
"refsource": "MISC",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=170"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14125",
"datePublished": "2022-06-08T14:14:57",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14123 (GCVE-0-2020-14123)
Vulnerability from nvd – Published: 2022-04-22 15:17 – Updated: 2024-08-04 12:39
VLAI?
Summary
There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through malicious operations, resulting in the affected module crashing and affecting normal functionality, and if successfully exploited the vulnerability can cause elevation of privileges.
Severity ?
No CVSS data available.
CWE
- Pointer Double Free Vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=134"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MIUI",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "MIUI version 12.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through malicious operations, resulting in the affected module crashing and affecting normal functionality, and if successfully exploited the vulnerability can cause elevation of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Pointer Double Free Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T15:17:36",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=134"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MIUI",
"version": {
"version_data": [
{
"version_value": "MIUI version 12.5.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through malicious operations, resulting in the affected module crashing and affecting normal functionality, and if successfully exploited the vulnerability can cause elevation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Pointer Double Free Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=134",
"refsource": "MISC",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=134"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14123",
"datePublished": "2022-04-22T15:17:36",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14122 (GCVE-0-2020-14122)
Vulnerability from nvd – Published: 2022-04-21 17:27 – Updated: 2024-08-04 12:39
VLAI?
Summary
Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage.
Severity ?
No CVSS data available.
CWE
- Information leakage
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MIUI",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "MIUI version 12.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-21T17:27:52",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=147"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MIUI",
"version": {
"version_data": [
{
"version_value": "MIUI version 12.5.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=147",
"refsource": "MISC",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=147"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14122",
"datePublished": "2022-04-21T17:27:52",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14120 (GCVE-0-2020-14120)
Vulnerability from nvd – Published: 2022-04-21 17:30 – Updated: 2024-08-04 12:39
VLAI?
Summary
Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by the lack of checksum when using a three-party application to pass in parameters, and attackers can induce users to install a malicious app and use the vulnerability to achieve elevated privileges, making the normal services of the system affected.
Severity ?
No CVSS data available.
CWE
- Permission bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=145"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MIUI",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "MIUI version 12.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by the lack of checksum when using a three-party application to pass in parameters, and attackers can induce users to install a malicious app and use the vulnerability to achieve elevated privileges, making the normal services of the system affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Permission bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-21T17:30:37",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=145"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MIUI",
"version": {
"version_data": [
{
"version_value": "MIUI version 12.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by the lack of checksum when using a three-party application to pass in parameters, and attackers can induce users to install a malicious app and use the vulnerability to achieve elevated privileges, making the normal services of the system affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Permission bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=145",
"refsource": "MISC",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=145"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14120",
"datePublished": "2022-04-21T17:30:37",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14105 (GCVE-0-2020-14105)
Vulnerability from nvd – Published: 2021-04-20 15:49 – Updated: 2024-08-04 12:39
VLAI?
Summary
The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15.
Severity ?
No CVSS data available.
CWE
- Information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28\u0026locale=zh"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xiaomi 10",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi 10 MIUI system \u003c 2020.01.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI \u003c 2020.01.15."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-20T15:49:21",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28\u0026locale=zh"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Xiaomi 10",
"version": {
"version_data": [
{
"version_value": "Xiaomi 10 MIUI system \u003c 2020.01.15"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI \u003c 2020.01.15."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28\u0026locale=zh",
"refsource": "CONFIRM",
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28\u0026locale=zh"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14105",
"datePublished": "2021-04-20T15:49:21",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14106 (GCVE-0-2020-14106)
Vulnerability from nvd – Published: 2021-04-08 20:57 – Updated: 2024-08-04 12:39
VLAI?
Summary
The application in the mobile phone can unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI < 2021.01.26.
Severity ?
No CVSS data available.
CWE
- Information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Xiaomi Mobile Phone |
Affected:
Xiaomi Mobile Phone MIUI system < 2021.01.26
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=29\u0026locale=zh"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xiaomi Mobile Phone",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi Mobile Phone MIUI system \u003c 2021.01.26"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The application in the mobile phone can unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI \u003c 2021.01.26."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-08T20:57:52",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=29\u0026locale=zh"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Xiaomi Mobile Phone",
"version": {
"version_data": [
{
"version_value": "Xiaomi Mobile Phone MIUI system \u003c 2021.01.26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The application in the mobile phone can unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI \u003c 2021.01.26."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=29\u0026locale=zh",
"refsource": "MISC",
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=29\u0026locale=zh"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14106",
"datePublished": "2021-04-08T20:57:52",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14103 (GCVE-0-2020-14103)
Vulnerability from nvd – Published: 2021-04-08 20:23 – Updated: 2024-08-04 12:39
VLAI?
Summary
The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15.
Severity ?
No CVSS data available.
CWE
- Information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=27\u0026locale=zh"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xiaomi 10",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi 10 MIUI system \u003c 2020.01.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI \u003c 2020.01.15."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-08T20:29:06",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=27\u0026locale=zh"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Xiaomi 10",
"version": {
"version_data": [
{
"version_value": "Xiaomi 10 MIUI system \u003c 2020.01.15"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI \u003c 2020.01.15."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=27\u0026locale=zh",
"refsource": "MISC",
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=27\u0026locale=zh"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14103",
"datePublished": "2021-04-08T20:23:25",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14127 (GCVE-0-2020-14127)
Vulnerability from cvelistv5 – Published: 2022-07-14 14:46 – Updated: 2024-08-04 12:39
VLAI?
Summary
A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service.
Severity ?
No CVSS data available.
CWE
- Denial of service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Redmi K40 ,Redmi Note10 Pro |
Affected:
Redmi K40 MIUI<2022.07.01 ,Redmi Note10 Pro MIUI<2022.07.01
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=169"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Redmi K40 ,Redmi Note10 Pro",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Redmi K40 MIUI\u003c2022.07.01 ,Redmi Note10 Pro MIUI\u003c2022.07.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T14:46:49",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=169"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Redmi K40 ,Redmi Note10 Pro",
"version": {
"version_data": [
{
"version_value": "Redmi K40 MIUI\u003c2022.07.01 ,Redmi Note10 Pro MIUI\u003c2022.07.01"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=169",
"refsource": "MISC",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=169"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14127",
"datePublished": "2022-07-14T14:46:49",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14125 (GCVE-0-2020-14125)
Vulnerability from cvelistv5 – Published: 2022-06-08 14:14 – Updated: 2024-08-04 12:39
VLAI?
Summary
A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to make denial of service.
Severity ?
No CVSS data available.
CWE
- Denial of service vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Redmi Note 11 ,Redmi Note 9T |
Affected:
Redmi Note 11 MIUI<2022.01.26, Redmi Note 9T MIUI<2022.01.26
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=170"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Redmi Note 11 ,Redmi Note 9T",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Redmi Note 11 MIUI\u003c2022.01.26, Redmi Note 9T MIUI\u003c2022.01.26"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to make denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-08T14:14:57",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=170"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Redmi Note 11 ,Redmi Note 9T",
"version": {
"version_data": [
{
"version_value": "Redmi Note 11 MIUI\u003c2022.01.26, Redmi Note 9T MIUI\u003c2022.01.26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to make denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=170",
"refsource": "MISC",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=170"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14125",
"datePublished": "2022-06-08T14:14:57",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14123 (GCVE-0-2020-14123)
Vulnerability from cvelistv5 – Published: 2022-04-22 15:17 – Updated: 2024-08-04 12:39
VLAI?
Summary
There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through malicious operations, resulting in the affected module crashing and affecting normal functionality, and if successfully exploited the vulnerability can cause elevation of privileges.
Severity ?
No CVSS data available.
CWE
- Pointer Double Free Vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=134"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MIUI",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "MIUI version 12.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through malicious operations, resulting in the affected module crashing and affecting normal functionality, and if successfully exploited the vulnerability can cause elevation of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Pointer Double Free Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T15:17:36",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=134"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MIUI",
"version": {
"version_data": [
{
"version_value": "MIUI version 12.5.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through malicious operations, resulting in the affected module crashing and affecting normal functionality, and if successfully exploited the vulnerability can cause elevation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Pointer Double Free Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=134",
"refsource": "MISC",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=134"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14123",
"datePublished": "2022-04-22T15:17:36",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14120 (GCVE-0-2020-14120)
Vulnerability from cvelistv5 – Published: 2022-04-21 17:30 – Updated: 2024-08-04 12:39
VLAI?
Summary
Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by the lack of checksum when using a three-party application to pass in parameters, and attackers can induce users to install a malicious app and use the vulnerability to achieve elevated privileges, making the normal services of the system affected.
Severity ?
No CVSS data available.
CWE
- Permission bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=145"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MIUI",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "MIUI version 12.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by the lack of checksum when using a three-party application to pass in parameters, and attackers can induce users to install a malicious app and use the vulnerability to achieve elevated privileges, making the normal services of the system affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Permission bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-21T17:30:37",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=145"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MIUI",
"version": {
"version_data": [
{
"version_value": "MIUI version 12.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by the lack of checksum when using a three-party application to pass in parameters, and attackers can induce users to install a malicious app and use the vulnerability to achieve elevated privileges, making the normal services of the system affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Permission bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=145",
"refsource": "MISC",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=145"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14120",
"datePublished": "2022-04-21T17:30:37",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14122 (GCVE-0-2020-14122)
Vulnerability from cvelistv5 – Published: 2022-04-21 17:27 – Updated: 2024-08-04 12:39
VLAI?
Summary
Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage.
Severity ?
No CVSS data available.
CWE
- Information leakage
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MIUI",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "MIUI version 12.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-21T17:27:52",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=147"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MIUI",
"version": {
"version_data": [
{
"version_value": "MIUI version 12.5.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=147",
"refsource": "MISC",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=147"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14122",
"datePublished": "2022-04-21T17:27:52",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14105 (GCVE-0-2020-14105)
Vulnerability from cvelistv5 – Published: 2021-04-20 15:49 – Updated: 2024-08-04 12:39
VLAI?
Summary
The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15.
Severity ?
No CVSS data available.
CWE
- Information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28\u0026locale=zh"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xiaomi 10",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi 10 MIUI system \u003c 2020.01.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI \u003c 2020.01.15."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-20T15:49:21",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28\u0026locale=zh"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Xiaomi 10",
"version": {
"version_data": [
{
"version_value": "Xiaomi 10 MIUI system \u003c 2020.01.15"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI \u003c 2020.01.15."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28\u0026locale=zh",
"refsource": "CONFIRM",
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=28\u0026locale=zh"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14105",
"datePublished": "2021-04-20T15:49:21",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14106 (GCVE-0-2020-14106)
Vulnerability from cvelistv5 – Published: 2021-04-08 20:57 – Updated: 2024-08-04 12:39
VLAI?
Summary
The application in the mobile phone can unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI < 2021.01.26.
Severity ?
No CVSS data available.
CWE
- Information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Xiaomi Mobile Phone |
Affected:
Xiaomi Mobile Phone MIUI system < 2021.01.26
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=29\u0026locale=zh"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xiaomi Mobile Phone",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi Mobile Phone MIUI system \u003c 2021.01.26"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The application in the mobile phone can unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI \u003c 2021.01.26."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-08T20:57:52",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=29\u0026locale=zh"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Xiaomi Mobile Phone",
"version": {
"version_data": [
{
"version_value": "Xiaomi Mobile Phone MIUI system \u003c 2021.01.26"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The application in the mobile phone can unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI \u003c 2021.01.26."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=29\u0026locale=zh",
"refsource": "MISC",
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=29\u0026locale=zh"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14106",
"datePublished": "2021-04-08T20:57:52",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14103 (GCVE-0-2020-14103)
Vulnerability from cvelistv5 – Published: 2021-04-08 20:23 – Updated: 2024-08-04 12:39
VLAI?
Summary
The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15.
Severity ?
No CVSS data available.
CWE
- Information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=27\u0026locale=zh"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Xiaomi 10",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Xiaomi 10 MIUI system \u003c 2020.01.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI \u003c 2020.01.15."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-08T20:29:06",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=27\u0026locale=zh"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@xiaomi.com",
"ID": "CVE-2020-14103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Xiaomi 10",
"version": {
"version_data": [
{
"version_value": "Xiaomi 10 MIUI system \u003c 2020.01.15"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI \u003c 2020.01.15."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=27\u0026locale=zh",
"refsource": "MISC",
"url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=27\u0026locale=zh"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2020-14103",
"datePublished": "2021-04-08T20:23:25",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}