VYPR

Vendor CVEs

LG

All CVEs

93 total · sorted by risk
  • CVE-2023-44126Sep 27, 2023
    risk 0.00cvss epss 0.00

    The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states,…

  • CVE-2023-44125Sep 27, 2023
    risk 0.00cvss epss 0.00

    The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Personalized service ("com.lge.abba") app. The attacker's app, if it had access to app…

  • CVE-2023-44124Sep 27, 2023
    risk 0.00cvss epss 0.00

    The vulnerability is to theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents…

  • CVE-2023-44123Sep 27, 2023
    risk 0.00cvss epss 0.00

    The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth ("com.lge.bluetoothsetting") app. The attacker's app, if it had access to app…

  • CVE-2023-44122Sep 27, 2023
    risk 0.00cvss epss 0.00

    The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents…

  • CVE-2023-44121Sep 27, 2023
    risk 0.00cvss epss 0.00

    The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action…

  • CVE-2023-4616Sep 4, 2023
    risk 0.00cvss epss 0.01

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack…

  • CVE-2023-4615Sep 4, 2023
    risk 0.00cvss epss 0.01

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from…

  • CVE-2023-4614Sep 4, 2023
    risk 0.00cvss epss 0.02

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from…

  • CVE-2023-4613Sep 4, 2023
    risk 0.00cvss epss 0.02

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of…

  • CVE-2022-45422Nov 21, 2022
    risk 0.00cvss epss 0.00

    When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005.

  • CVE-2022-23731Mar 11, 2022
    risk 0.00cvss epss 0.01

    V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models.

  • CVE-2021-30161Apr 6, 2021
    risk 0.00cvss epss 0.00

    An issue was discovered on LG mobile devices with Android OS 11 software. Attackers can bypass the lockscreen protection mechanism after an incoming call has been terminated. The LG ID is LVE-SMP-210002 (April 2021).

  • CVE-2021-26688Feb 4, 2021
    risk 0.00cvss epss 0.00

    An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 (February 2021).

  • CVE-2021-26689Feb 4, 2021
    risk 0.00cvss epss 0.01

    An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021).

  • CVE-2020-35554Dec 18, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There is a WebView SSL error-handler vulnerability. The LG ID is LVE-SMP-200026 (December 2020).

  • CVE-2020-28344Nov 8, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. System services may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200024 (November 2020).

  • CVE-2020-26598Oct 6, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, and 9.0 software. The Network Management component could allow an unauthorized actor to kill a TCP connection. The LG ID is LVE-SMP-200023 (October 2020).

  • CVE-2020-25281Sep 11, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Applications with sensitive security settings (such as the package verifier application) mishandle unknown-source installations. The LG ID is LVE-SMP-190002 (September 2020).

  • CVE-2020-25282Sep 11, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on LG mobile devices with Android OS 10 software. The lguicc software (for the LG Universal Integrated Circuit Card) allows attackers to bypass intended access restrictions on property values. The LG ID is LVE-SMP-200020 (September 2020).

  • CVE-2020-25060Aug 31, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Local users can gain privileges because of LAF and SBL1 flaws. The LG ID is LVE-SMP-200015 (July 2020).

  • CVE-2020-25062Aug 31, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on LG mobile devices with Android OS 9 and 10 software. LGTelephonyProvider allows a bypass of intended privilege restrictions. The LG ID is LVE-SMP-200017 (July 2020).

  • CVE-2020-25065Aug 31, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Key logging may occur because of an obsolete API. The LG ID is LVE-SMP-170010 (August 2020).

  • CVE-2020-13842Jun 4, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). A dangerous AT command was made available even though it is unused. The LG ID is LVE-SMP-200010 (June 2020).

  • CVE-2020-12754May 11, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A crafted application can obtain control of device input via the window system service. The LG ID is LVE-SMP-170011 (May 2020).

  • CVE-2019-20782Apr 17, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. LG Advanced Flash (LAF) has a buffer overflow. The LG ID is LVE-SMP-190001 (March 2019).

  • CVE-2019-20780Apr 17, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Certain security settings, related to whether packages are verified and accepted only from known sources, are mishandled. The LG ID is LVE-SMP-190002 (April 2019).

  • CVE-2019-20777Apr 17, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. WapService mishandles OTA Provisioning on V40 and G7 devices. The LG ID is LVE-SMP-190006 (July 2019).

  • CVE-2019-20775Apr 17, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on LG mobile devices with Android OS 9.0 (Qualcomm SDM450, SDM845, SM6150, and SM8150 chipsets) software. Weak encryption leads to local information disclosure. The LG ID is LVE-SMP-190010 (August 2019).

  • CVE-2019-20774Apr 17, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. A system service allows local retrieval of the user's password. The LG ID is LVE-SMP-190009 (August 2019).

  • CVE-2019-20773Apr 17, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. Unprivileged applications can execute shell commands via the connectivity service. The LG ID is LVE-SMP-190008 (August 2019).

  • CVE-2020-11875Apr 17, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10.0 (MTK chipsets) software. The MTK kernel does not properly implement exception handling, allowing an attacker to gain privileges. The LG ID is LVE-SMP-200001 (February 2020).

  • CVE-2019-7404May 13, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var/gapm7100_${today's_date}.log for reading a filename such as gapm7100_190101.log.

  • CVE-2014-8757Feb 17, 2015
    risk 0.00cvss epss 0.05

    LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a crafted request.

  • CVE-2014-7252Dec 5, 2014
    risk 0.00cvss epss 0.00

    Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets…

  • CVE-2014-7243Dec 5, 2014
    risk 0.00cvss epss 0.01

    LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2014-6636Sep 22, 2014
    risk 0.00cvss epss 0.00

    The LG Telepresence (aka com.rsupport.rtc.lge) application 2.0.12 Build 63 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2014-5563Sep 9, 2014
    risk 0.00cvss epss 0.00

    The Show do Milhao 2014 (aka br.com.lgrmobile.sdm) application 1.4.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2013-3666May 29, 2013
    risk 0.00cvss epss 0.00

    The LG Hidden Menu component for Android on the LG Optimus G E973 allows physically proximate attackers to execute arbitrary commands by entering USB Debugging mode, using Android Debug Bridge (adb) to establish a USB connection, dialing 3845#*973#, modifying the WLAN Test Wi-Fi…

  • CVE-2007-5558Oct 18, 2007
    risk 0.00cvss epss 0.02

    Integer overflow in the LG Mobile handset allows remote attackers to cause a denial of service (reboot) via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known…

  • CVE-2007-0524Jan 26, 2007
    risk 0.00cvss epss 0.01

    The LG Chocolate KG800 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.

  • CVE-2006-2488May 19, 2006
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS (WOS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) del_folder, (2) nick, or (3) action parameters to (a) notes/index.php, (4) curr parameter to (b) ipod/get_ipod.php, and in (c)…

  • CVE-2005-1132May 2, 2005
    risk 0.00cvss epss 0.02

    LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI file.

Page 2 of 2