Vendor CVEs
LG
All CVEs
93 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-17173 | Cri | 0.71 | 9.8 | 0.56 | Sep 21, 2018 | LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail. | ||
| CVE-2018-16287 | Cri | 0.65 | 9.8 | 0.20 | Sep 14, 2018 | LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. | ||
| CVE-2018-16286 | Cri | 0.65 | 9.8 | 0.22 | Sep 14, 2018 | LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits. | ||
| CVE-2018-15482 | Cri | 0.64 | 9.8 | 0.01 | Aug 17, 2018 | Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006. | ||
| CVE-2018-14982 | Cri | 0.64 | 9.8 | 0.01 | Aug 17, 2018 | Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004. | ||
| CVE-2018-16946 | Hig | 0.52 | 7.5 | 0.09 | Sep 12, 2018 | LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials… | ||
| CVE-2018-16706 | Hig | 0.51 | 7.5 | 0.22 | Sep 14, 2018 | LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080. | ||
| CVE-2025-10204 | Hig | 0.46 | — | 0.00 | Sep 14, 2025 | A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This… | ||
| CVE-2016-3846 | Hig | 0.46 | 7.0 | 0.00 | Aug 5, 2016 | The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378. | ||
| CVE-2016-10398 | Med | 0.40 | 6.2 | 0.00 | Jul 17, 2017 | Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured… | ||
| CVE-2016-10135 | Med | 0.36 | 5.5 | 0.01 | Jan 13, 2017 | An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are… | ||
| CVE-2018-14839 | 0.19 | — | 0.89 | KEV | May 14, 2019 | LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters. | ||
| CVE-2023-40504 | 0.10 | — | 0.88 | May 3, 2024 | LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific… | |||
| CVE-2023-40498 | 0.10 | — | 0.83 | May 3, 2024 | LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific… | |||
| CVE-2024-2862 | 0.06 | — | 0.51 | Mar 25, 2024 | This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant. | |||
| CVE-2024-2863 | 0.04 | — | 0.67 | Mar 25, 2024 | This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant. | |||
| CVE-2023-40497 | 0.03 | — | 0.67 | May 3, 2024 | LG Simple Editor saveXml Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw… | |||
| CVE-2023-40494 | 0.03 | — | 0.84 | May 3, 2024 | LG Simple Editor deleteFolder Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The… | |||
| CVE-2023-40492 | 0.03 | — | 0.84 | May 3, 2024 | LG Simple Editor deleteCheckSession Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The… | |||
| CVE-2021-38306 | 0.03 | — | 0.09 | Aug 24, 2021 | Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter. | |||
| CVE-2023-40502 | 0.02 | — | 0.84 | May 3, 2024 | LG Simple Editor cropImage Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific… | |||
| CVE-2023-40496 | 0.02 | — | 0.77 | May 3, 2024 | LG Simple Editor copyStickerContent Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.… | |||
| CVE-2023-40495 | 0.02 | — | 0.77 | May 3, 2024 | LG Simple Editor copyTemplateAll Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. … | |||
| CVE-2023-6319 | 0.01 | — | 0.06 | Apr 9, 2024 | A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make… | |||
| CVE-2023-41181 | 0.00 | — | 0.02 | May 3, 2024 | LG SuperSign Media Editor getSubFolderList Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authentication is not required to exploit… | |||
| CVE-2023-40517 | 0.00 | — | 0.02 | May 3, 2024 | LG SuperSign Media Editor ContentRestController getObject Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authentication is not required… | |||
| CVE-2023-40516 | 0.00 | — | 0.00 | May 3, 2024 | LG Simple Editor Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of LG Simple Editor. An attacker must first obtain the ability to execute low-privileged code on… | |||
| CVE-2023-40515 | 0.00 | — | 0.01 | May 3, 2024 | LG Simple Editor joinAddUser Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.… | |||
| CVE-2023-40514 | 0.00 | — | 0.03 | May 3, 2024 | LG Simple Editor FileManagerController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to… | |||
| CVE-2023-40513 | 0.00 | — | 0.03 | May 3, 2024 | LG Simple Editor UserManageController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to… | |||
| CVE-2023-40512 | 0.00 | — | 0.03 | May 3, 2024 | LG Simple Editor PlayerController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to… | |||
| CVE-2023-40511 | 0.00 | — | 0.01 | May 3, 2024 | LG Simple Editor checkServer Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the… | |||
| CVE-2023-40510 | 0.00 | — | 0.01 | May 3, 2024 | LG Simple Editor getServerSetting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists… | |||
| CVE-2023-40509 | 0.00 | — | 0.02 | May 3, 2024 | LG Simple Editor deleteCanvas Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The… | |||
| CVE-2023-40508 | 0.00 | — | 0.02 | May 3, 2024 | LG Simple Editor putCanvasDB Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific… | |||
| CVE-2023-40507 | 0.00 | — | 0.01 | May 3, 2024 | LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this… | |||
| CVE-2023-40506 | 0.00 | — | 0.01 | May 3, 2024 | LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this… | |||
| CVE-2023-40505 | 0.00 | — | 0.02 | May 3, 2024 | LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The… | |||
| CVE-2023-40503 | 0.00 | — | 0.01 | May 3, 2024 | LG Simple Editor saveXmlFile XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this… | |||
| CVE-2023-40501 | 0.00 | — | 0.01 | May 3, 2024 | LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The… | |||
| CVE-2023-40500 | 0.00 | — | 0.01 | May 3, 2024 | LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The… | |||
| CVE-2023-40499 | 0.00 | — | 0.02 | May 3, 2024 | LG Simple Editor mkdir Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw… | |||
| CVE-2023-40493 | 0.00 | — | 0.02 | May 3, 2024 | LG Simple Editor copySessionFolder Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The… | |||
| CVE-2023-6320 | 0.00 | — | 0.04 | Apr 9, 2024 | A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to… | |||
| CVE-2023-6318 | 0.00 | — | 0.05 | Apr 9, 2024 | A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated… | |||
| CVE-2023-6317 | 0.00 | — | 0.01 | Apr 9, 2024 | A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA … | |||
| CVE-2024-1886 | 0.00 | — | 0.01 | Feb 26, 2024 | This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage. | |||
| CVE-2024-1885 | 0.00 | — | 0.01 | Feb 26, 2024 | This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG Signage. | |||
| CVE-2023-44128 | 0.00 | — | 0.00 | Sep 27, 2023 | he vulnerability is to delete arbitrary files in LGInstallService ("com.lge.lginstallservies") app. The app contains the exported "com.lge.lginstallservies.InstallService" service that exposes an AIDL interface. All its "installPackage*" methods are finally calling the… | |||
| CVE-2023-44127 | 0.00 | — | 0.00 | Sep 27, 2023 | he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers. |
- risk 0.71cvss 9.8epss 0.56
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
- risk 0.65cvss 9.8epss 0.20
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.
- risk 0.65cvss 9.8epss 0.22
LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits.
- risk 0.64cvss 9.8epss 0.01
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006.
- risk 0.64cvss 9.8epss 0.01
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004.
- risk 0.52cvss 7.5epss 0.09
LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials…
- risk 0.51cvss 7.5epss 0.22
LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080.
- risk 0.46cvss —epss 0.00
A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This…
- risk 0.46cvss 7.0epss 0.00
The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378.
- risk 0.40cvss 6.2epss 0.00
Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured…
- risk 0.36cvss 5.5epss 0.01
An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are…
- risk 0.19cvss —epss 0.89
LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters.
- CVE-2023-40504May 3, 2024risk 0.10cvss —epss 0.88
LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific…
- CVE-2023-40498May 3, 2024risk 0.10cvss —epss 0.83
LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific…
- CVE-2024-2862Mar 25, 2024risk 0.06cvss —epss 0.51
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant.
- CVE-2024-2863Mar 25, 2024risk 0.04cvss —epss 0.67
This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant.
- CVE-2023-40497May 3, 2024risk 0.03cvss —epss 0.67
LG Simple Editor saveXml Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw…
- CVE-2023-40494May 3, 2024risk 0.03cvss —epss 0.84
LG Simple Editor deleteFolder Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The…
- CVE-2023-40492May 3, 2024risk 0.03cvss —epss 0.84
LG Simple Editor deleteCheckSession Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The…
- CVE-2021-38306Aug 24, 2021risk 0.03cvss —epss 0.09
Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter.
- CVE-2023-40502May 3, 2024risk 0.02cvss —epss 0.84
LG Simple Editor cropImage Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific…
- CVE-2023-40496May 3, 2024risk 0.02cvss —epss 0.77
LG Simple Editor copyStickerContent Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.…
- CVE-2023-40495May 3, 2024risk 0.02cvss —epss 0.77
LG Simple Editor copyTemplateAll Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. …
- CVE-2023-6319Apr 9, 2024risk 0.01cvss —epss 0.06
A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make…
- CVE-2023-41181May 3, 2024risk 0.00cvss —epss 0.02
LG SuperSign Media Editor getSubFolderList Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authentication is not required to exploit…
- CVE-2023-40517May 3, 2024risk 0.00cvss —epss 0.02
LG SuperSign Media Editor ContentRestController getObject Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authentication is not required…
- CVE-2023-40516May 3, 2024risk 0.00cvss —epss 0.00
LG Simple Editor Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of LG Simple Editor. An attacker must first obtain the ability to execute low-privileged code on…
- CVE-2023-40515May 3, 2024risk 0.00cvss —epss 0.01
LG Simple Editor joinAddUser Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.…
- CVE-2023-40514May 3, 2024risk 0.00cvss —epss 0.03
LG Simple Editor FileManagerController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to…
- CVE-2023-40513May 3, 2024risk 0.00cvss —epss 0.03
LG Simple Editor UserManageController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to…
- CVE-2023-40512May 3, 2024risk 0.00cvss —epss 0.03
LG Simple Editor PlayerController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to…
- CVE-2023-40511May 3, 2024risk 0.00cvss —epss 0.01
LG Simple Editor checkServer Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the…
- CVE-2023-40510May 3, 2024risk 0.00cvss —epss 0.01
LG Simple Editor getServerSetting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists…
- CVE-2023-40509May 3, 2024risk 0.00cvss —epss 0.02
LG Simple Editor deleteCanvas Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The…
- CVE-2023-40508May 3, 2024risk 0.00cvss —epss 0.02
LG Simple Editor putCanvasDB Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific…
- CVE-2023-40507May 3, 2024risk 0.00cvss —epss 0.01
LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this…
- CVE-2023-40506May 3, 2024risk 0.00cvss —epss 0.01
LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this…
- CVE-2023-40505May 3, 2024risk 0.00cvss —epss 0.02
LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The…
- CVE-2023-40503May 3, 2024risk 0.00cvss —epss 0.01
LG Simple Editor saveXmlFile XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this…
- CVE-2023-40501May 3, 2024risk 0.00cvss —epss 0.01
LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The…
- CVE-2023-40500May 3, 2024risk 0.00cvss —epss 0.01
LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The…
- CVE-2023-40499May 3, 2024risk 0.00cvss —epss 0.02
LG Simple Editor mkdir Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw…
- CVE-2023-40493May 3, 2024risk 0.00cvss —epss 0.02
LG Simple Editor copySessionFolder Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The…
- CVE-2023-6320Apr 9, 2024risk 0.00cvss —epss 0.04
A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to…
- CVE-2023-6318Apr 9, 2024risk 0.00cvss —epss 0.05
A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated…
- CVE-2023-6317Apr 9, 2024risk 0.00cvss —epss 0.01
A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA …
- CVE-2024-1886Feb 26, 2024risk 0.00cvss —epss 0.01
This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage.
- CVE-2024-1885Feb 26, 2024risk 0.00cvss —epss 0.01
This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG Signage.
- CVE-2023-44128Sep 27, 2023risk 0.00cvss —epss 0.00
he vulnerability is to delete arbitrary files in LGInstallService ("com.lge.lginstallservies") app. The app contains the exported "com.lge.lginstallservies.InstallService" service that exposes an AIDL interface. All its "installPackage*" methods are finally calling the…
- CVE-2023-44127Sep 27, 2023risk 0.00cvss —epss 0.00
he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers.
Page 1 of 2