Vulnerabilities (CVE)

Filtered by vendor Mi Subscribe
Filtered by product Redmi 6
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-15340 1 Mi 2 Redmi 6, Redmi 6 Firmware 2023-12-10 2.1 LOW 3.3 LOW
The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V9.6.4.0.ODMMIFD:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1715_201805292006) that allows any app co-located on the device to programmatically disable and enable Wi-Fi, Bluetooth, and GPS without the corresponding access permission through an exported interface.
CVE-2018-20523 1 Mi 37 Redmi 4a, Redmi 4a Firmware, Redmi 5 Plus and 34 more 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request.
CVE-2018-19939 1 Mi 4 Mi A2 Lite, Mi A2 Lite Firmware, Redmi 6 and 1 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c.