VYPR

Vendor CVEs

LG Electronics

All CVEs

41 total · sorted by risk
  • CVE-2023-48010CriDec 5, 2024
    risk 0.64cvss 9.8epss 0.00

    STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets.

  • CVE-2018-16288HigSep 14, 2018
    risk 0.62cvss 8.6epss 0.35

    LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.

  • CVE-2016-3851HigAug 5, 2016
    risk 0.53cvss 8.1epss 0.01

    The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941.

  • CVE-2024-6176MedJun 20, 2024
    risk 0.31cvss epss 0.00

    Allocation of Resources Without Limits or Throttling vulnerability in LG Electronics LG SuperSign CMS allows Port Scanning.This issue affects LG SuperSign CMS: from 4.1.3 before < 4.3.1.

  • CVE-2016-8474MedJan 12, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2016-8473MedJan 12, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-18347MedSep 12, 2018
    risk 0.30cvss 4.6epss 0.00

    Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full…

  • CVE-2024-45064Apr 2, 2025
    risk 0.00cvss epss 0.01

    A buffer overflow vulnerability exists in the FileX Internal RAM interface functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted set of network packets can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability.

  • CVE-2024-50385Apr 2, 2025
    risk 0.00cvss epss 0.01

    A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This…

  • CVE-2024-50384Apr 2, 2025
    risk 0.00cvss epss 0.01

    A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This…

  • CVE-2024-50595Apr 2, 2025
    risk 0.00cvss epss 0.01

    An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this…

  • CVE-2024-50594Apr 2, 2025
    risk 0.00cvss epss 0.01

    An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this…

  • CVE-2024-50597Apr 2, 2025
    risk 0.00cvss epss 0.01

    An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This…

  • CVE-2024-50596Apr 2, 2025
    risk 0.00cvss epss 0.01

    An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This…

  • CVE-2024-6179Jun 20, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1.

  • CVE-2024-6178Jun 20, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1.

  • CVE-2024-6177Jun 20, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1.

  • CVE-2023-36629Jan 9, 2024
    risk 0.00cvss epss 0.00

    The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W07p0 for Android has an out-of-bounds read.

  • CVE-2023-50096Jan 1, 2024
    risk 0.00cvss epss 0.01

    STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample…

  • CVE-2021-42553Oct 21, 2022
    risk 0.00cvss epss 0.01

    A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as…

  • CVE-2021-43392Mar 4, 2022
    risk 0.00cvss epss 0.00

    STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is…

  • CVE-2021-43393Mar 4, 2022
    risk 0.00cvss epss 0.00

    STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for…

  • CVE-2021-34268Jul 22, 2021
    risk 0.00cvss epss 0.00

    An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) via a malformed USB device packet.

  • CVE-2021-34267Jul 22, 2021
    risk 0.00cvss epss 0.00

    An in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) when the system tries to communicate with the connected endpoint.

  • CVE-2021-34262Jul 22, 2021
    risk 0.00cvss epss 0.00

    A buffer overflow vulnerability in the USBH_ParseEPDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code.

  • CVE-2021-34261Jul 22, 2021
    risk 0.00cvss epss 0.00

    An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service due to the system hanging when trying to set a remote wake-up feature.

  • CVE-2021-34260Jul 22, 2021
    risk 0.00cvss epss 0.00

    A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code.

  • CVE-2021-34259Jul 22, 2021
    risk 0.00cvss epss 0.00

    A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code.

  • CVE-2020-27212May 21, 2021
    risk 0.00cvss epss 0.00

    STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection (RDP) can be degraded from RDP level 2 (no access via debug interface) to level 1 (limited access via debug interface) by injecting a fault during the boot phase.

  • CVE-2021-29414May 21, 2021
    risk 0.00cvss epss 0.00

    STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect physical access control.

  • CVE-2020-20949Jan 20, 2021
    risk 0.00cvss epss 0.01

    Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the…

  • CVE-2020-7807Sep 14, 2020
    risk 0.00cvss epss 0.00

    A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics…

  • CVE-2020-13466Aug 31, 2020
    risk 0.00cvss epss 0.00

    STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration.

  • CVE-2020-8004Apr 6, 2020
    risk 0.00cvss epss 0.03

    STMicroelectronics STM32F1 devices have Incorrect Access Control.

  • CVE-2019-16863Nov 14, 2019
    risk 0.00cvss epss 0.03

    STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.

  • CVE-2019-14238Sep 24, 2019
    risk 0.00cvss epss 0.00

    On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus.

  • CVE-2019-14236Sep 12, 2019
    risk 0.00cvss epss 0.02

    On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated by observing CPU registers and the effect of code/instruction execution.

  • CVE-2014-7243Dec 5, 2014
    risk 0.00cvss epss 0.01

    LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2007-5558Oct 18, 2007
    risk 0.00cvss epss 0.02

    Integer overflow in the LG Mobile handset allows remote attackers to cause a denial of service (reboot) via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known…

  • CVE-2007-0524Jan 26, 2007
    risk 0.00cvss epss 0.01

    The LG Chocolate KG800 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.

  • CVE-2005-1132May 2, 2005
    risk 0.00cvss epss 0.02

    LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI file.