Filtered by vendor Lg
Subscriptions
Total
76 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40495 | 1 Lg | 1 Simple Editor | 2024-09-18 | N/A |
| LG Simple Editor copyTemplateAll Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyTemplateAll method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. . Was ZDI-CAN-19922. | ||||
| CVE-2023-40494 | 1 Lg | 1 Simple Editor | 2024-09-18 | N/A |
| LG Simple Editor deleteFolder Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the deleteFolder method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. . Was ZDI-CAN-19921. | ||||
| CVE-2023-40493 | 1 Lg | 1 Simple Editor | 2024-09-18 | N/A |
| LG Simple Editor copySessionFolder Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copySessionFolder command. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19920. | ||||
| CVE-2023-40492 | 1 Lg | 1 Simple Editor | 2024-09-18 | N/A |
| LG Simple Editor deleteCheckSession Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the deleteCheckSession method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. . Was ZDI-CAN-19919. | ||||
| CVE-2023-40516 | 1 Lg | 1 Simple Editor | 2024-09-18 | N/A |
| LG Simple Editor Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of LG Simple Editor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The product sets incorrect permissions on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20327. | ||||
| CVE-2020-9759 | 1 Lg | 1 Webos | 2024-09-17 | 4.6 Medium |
| A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files. | ||||
| CVE-2018-17173 | 1 Lg | 1 Supersign Cms | 2024-08-05 | N/A |
| LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail. | ||||
| CVE-2018-16946 | 1 Lg | 36 Lnb5110, Lnb5110 Firmware, Lnb5320 and 33 more | 2024-08-05 | N/A |
| LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password. | ||||
| CVE-2018-16706 | 1 Lg | 1 Supersign Cms | 2024-08-05 | N/A |
| LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080. | ||||
| CVE-2018-16286 | 1 Lg | 1 Supersign Cms | 2024-08-05 | N/A |
| LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits. | ||||
| CVE-2018-16287 | 1 Lg | 1 Supersign Cms | 2024-08-05 | N/A |
| LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. | ||||
| CVE-2018-16288 | 1 Lg | 1 Supersign Cms | 2024-08-05 | N/A |
| LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. | ||||
| CVE-2018-15482 | 2 Google, Lg | 15 Android, G5, G6 and 12 more | 2024-08-05 | N/A |
| Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006. | ||||
| CVE-2018-14981 | 2 Google, Lg | 15 Android, G5, G6 and 12 more | 2024-08-05 | N/A |
| Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005. | ||||
| CVE-2018-14982 | 2 Google, Lg | 15 Android, G5, G6 and 12 more | 2024-08-05 | N/A |
| Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004. | ||||
| CVE-2018-14839 | 1 Lg | 2 N1a1, N1a1 Firmware | 2024-08-05 | 9.8 Critical |
| LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters. | ||||
| CVE-2018-10229 | 3 Google, Lg, Mozilla | 3 Chrome, Nexus 5, Firefox | 2024-08-05 | N/A |
| A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API. | ||||
| CVE-2019-20777 | 2 Google, Lg | 3 Android, G7, V40 | 2024-08-05 | 9.8 Critical |
| An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. WapService mishandles OTA Provisioning on V40 and G7 devices. The LG ID is LVE-SMP-190006 (July 2019). | ||||
| CVE-2019-20769 | 1 Lg | 2 G3, Pc Suite | 2024-08-05 | 7.8 High |
| An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier). DLL Hijacking can occur via a Trojan horse DLL in the current working directory. The LG ID is LVE-MOT-190001 (November 2019). | ||||
| CVE-2019-20781 | 1 Lg | 1 Bridge | 2024-08-05 | 7.8 High |
| An issue was discovered in LG Bridge before April 2019 on Windows. DLL Hijacking can occur. | ||||