Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for xiaomi by mi

    CVE-2020-14131 (GCVE-0-2020-14131)

    Vulnerability from nvd – Published: 2022-10-11 00:00 – Updated: 2024-08-04 12:39
    VLAI
    Summary
    The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life.
    Severity
    No CVSS data available.
    CWE
    • a lack of identity verification
    Assigner
    Impacted products
    Vendor Product Version
    n/a Xiaomi specific devices Affected: Xiaomi specific devices,Affected Version:11,Fixed Version:12
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:39:36.010Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=153"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Xiaomi specific devices",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Xiaomi specific devices,Affected Version:11,Fixed Version:12"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "a lack of identity verification",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-11T00:00:00.000Z",
            "orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
            "shortName": "Xiaomi"
          },
          "references": [
            {
              "url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=153"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
        "assignerShortName": "Xiaomi",
        "cveId": "CVE-2020-14131",
        "datePublished": "2022-10-11T00:00:00.000Z",
        "dateReserved": "2020-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:39:36.010Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14129 (GCVE-0-2020-14129)

    Vulnerability from nvd – Published: 2022-10-11 00:00 – Updated: 2024-08-04 12:39
    VLAI
    Summary
    A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege.
    Severity
    No CVSS data available.
    CWE
    • Vulnerability logic vulnerability
    Assigner
    Impacted products
    Vendor Product Version
    n/a Xiaomi a certain APP Affected: Affected Version:3.4.5.18 Fixed Version:3.4.5.24
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:39:36.494Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=155"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Xiaomi a certain APP",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Affected Version:3.4.5.18 Fixed Version:3.4.5.24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Vulnerability logic vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-11T00:00:00.000Z",
            "orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
            "shortName": "Xiaomi"
          },
          "references": [
            {
              "url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=155"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
        "assignerShortName": "Xiaomi",
        "cveId": "CVE-2020-14129",
        "datePublished": "2022-10-11T00:00:00.000Z",
        "dateReserved": "2020-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:39:36.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14130 (GCVE-0-2020-14130)

    Vulnerability from nvd – Published: 2021-09-16 11:41 – Updated: 2024-08-04 12:39
    VLAI
    Summary
    Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version <3.0.210809
    Severity
    No CVSS data available.
    CWE
    • Sensitive functions are maliciously invoked
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Xiaomi community app Affected: Xiaomi community app Affected Version <3.0.210809
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:39:35.767Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=25\u0026locale=zh"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Xiaomi community app",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Xiaomi community app Affected Version \u003c3.0.210809"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version \u003c3.0.210809"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Sensitive functions are maliciously invoked",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-16T11:41:50.000Z",
            "orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
            "shortName": "Xiaomi"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=25\u0026locale=zh"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@xiaomi.com",
              "ID": "CVE-2020-14130",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Xiaomi community app",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Xiaomi community app Affected Version \u003c3.0.210809"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version \u003c3.0.210809"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Sensitive functions are maliciously invoked"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=25\u0026locale=zh",
                  "refsource": "MISC",
                  "url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=25\u0026locale=zh"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
        "assignerShortName": "Xiaomi",
        "cveId": "CVE-2020-14130",
        "datePublished": "2021-09-16T11:41:50.000Z",
        "dateReserved": "2020-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:39:35.767Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14131 (GCVE-0-2020-14131)

    Vulnerability from cvelistv5 – Published: 2022-10-11 00:00 – Updated: 2024-08-04 12:39
    VLAI
    Summary
    The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life.
    Severity
    No CVSS data available.
    CWE
    • a lack of identity verification
    Assigner
    Impacted products
    Vendor Product Version
    n/a Xiaomi specific devices Affected: Xiaomi specific devices,Affected Version:11,Fixed Version:12
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:39:36.010Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=153"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Xiaomi specific devices",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Xiaomi specific devices,Affected Version:11,Fixed Version:12"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "a lack of identity verification",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-11T00:00:00.000Z",
            "orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
            "shortName": "Xiaomi"
          },
          "references": [
            {
              "url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=153"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
        "assignerShortName": "Xiaomi",
        "cveId": "CVE-2020-14131",
        "datePublished": "2022-10-11T00:00:00.000Z",
        "dateReserved": "2020-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:39:36.010Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14129 (GCVE-0-2020-14129)

    Vulnerability from cvelistv5 – Published: 2022-10-11 00:00 – Updated: 2024-08-04 12:39
    VLAI
    Summary
    A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege.
    Severity
    No CVSS data available.
    CWE
    • Vulnerability logic vulnerability
    Assigner
    Impacted products
    Vendor Product Version
    n/a Xiaomi a certain APP Affected: Affected Version:3.4.5.18 Fixed Version:3.4.5.24
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:39:36.494Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=155"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Xiaomi a certain APP",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Affected Version:3.4.5.18 Fixed Version:3.4.5.24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Vulnerability logic vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-11T00:00:00.000Z",
            "orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
            "shortName": "Xiaomi"
          },
          "references": [
            {
              "url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=155"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
        "assignerShortName": "Xiaomi",
        "cveId": "CVE-2020-14129",
        "datePublished": "2022-10-11T00:00:00.000Z",
        "dateReserved": "2020-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:39:36.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14130 (GCVE-0-2020-14130)

    Vulnerability from cvelistv5 – Published: 2021-09-16 11:41 – Updated: 2024-08-04 12:39
    VLAI
    Summary
    Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version <3.0.210809
    Severity
    No CVSS data available.
    CWE
    • Sensitive functions are maliciously invoked
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Xiaomi community app Affected: Xiaomi community app Affected Version <3.0.210809
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:39:35.767Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=25\u0026locale=zh"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Xiaomi community app",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Xiaomi community app Affected Version \u003c3.0.210809"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version \u003c3.0.210809"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Sensitive functions are maliciously invoked",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-16T11:41:50.000Z",
            "orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
            "shortName": "Xiaomi"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=25\u0026locale=zh"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@xiaomi.com",
              "ID": "CVE-2020-14130",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Xiaomi community app",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Xiaomi community app Affected Version \u003c3.0.210809"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version \u003c3.0.210809"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Sensitive functions are maliciously invoked"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=25\u0026locale=zh",
                  "refsource": "MISC",
                  "url": "https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=25\u0026locale=zh"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
        "assignerShortName": "Xiaomi",
        "cveId": "CVE-2020-14130",
        "datePublished": "2021-09-16T11:41:50.000Z",
        "dateReserved": "2020-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:39:35.767Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }