webOS
by LG
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-6319 | 0.01 | — | 0.11 | Apr 9, 2024 | A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make… | |||
| CVE-2023-6320 | 0.00 | — | 0.01 | Apr 9, 2024 | A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to… | |||
| CVE-2023-6318 | 0.00 | — | 0.01 | Apr 9, 2024 | A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated… | |||
| CVE-2023-6317 | 0.00 | — | 0.00 | Apr 9, 2024 | A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA … | |||
| CVE-2022-23731 | 0.00 | — | 0.01 | Mar 11, 2022 | V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models. | |||
| CVE-2006-2488 | 0.00 | — | 0.00 | May 19, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS (WOS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) del_folder, (2) nick, or (3) action parameters to (a) notes/index.php, (4) curr parameter to (b) ipod/get_ipod.php, and in (c)… |
- CVE-2023-6319Apr 9, 2024risk 0.01cvss —epss 0.11
A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make…
- CVE-2023-6320Apr 9, 2024risk 0.00cvss —epss 0.01
A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to…
- CVE-2023-6318Apr 9, 2024risk 0.00cvss —epss 0.01
A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated…
- CVE-2023-6317Apr 9, 2024risk 0.00cvss —epss 0.00
A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA …
- CVE-2022-23731Mar 11, 2022risk 0.00cvss —epss 0.01
V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models.
- CVE-2006-2488May 19, 2006risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS (WOS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) del_folder, (2) nick, or (3) action parameters to (a) notes/index.php, (4) curr parameter to (b) ipod/get_ipod.php, and in (c)…