CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2863 – Path traversal via file upload on LG LED Assistant
https://notcve.org/view.php?id=CVE-2024-2863
25 Mar 2024 — This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant. Esta vulnerabilidad permite a atacantes remotos atravesar rutas mediante la carga de archivos en el LG LED Assistant afectado. • https://lgsecurity.lge.com/bulletins/idproducts#updateDetails • CWE-35: Path Traversal: '.../ •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2862 – Password reset vulnerability without authorization on LG LED Assistant
https://notcve.org/view.php?id=CVE-2024-2862
25 Mar 2024 — This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant. Esta vulnerabilidad permite a atacantes remotos restablecer la contraseña de usuarios anónimos sin autorización en el LG LED Assistant afectado. • https://lgsecurity.lge.com/bulletins/idproducts#updateDetails • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2024-1885 – Remote Code Execution attack on LG Signage
https://notcve.org/view.php?id=CVE-2024-1885
26 Feb 2024 — This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG Signage. Esta vulnerabilidad permite a atacantes remotos ejecutar código arbitrario en el webOS afectado de LG Signage TV. • https://lgsecurity.lge.com/bulletins/idproducts#updateDetails • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-5558
https://notcve.org/view.php?id=CVE-2007-5558
18 Oct 2007 — Integer overflow in the LG Mobile handset allows remote attackers to cause a denial of service (reboot) via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Desbordamiento de entero en el terminal LG Mobile permite a atacantes remotos provocar una denegación de servicio (reinicio) mediante un paquete HTTP manipulado. NOTA: a f... • http://www.irmplc.com/index.php/111-Vendor-Alerts • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-0524
https://notcve.org/view.php?id=CVE-2007-0524
26 Jan 2007 — The LG Chocolate KG800 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. El teléfono LG Chocolate KG800 permite a atacantes remotos provocar una denegación de servicio (diálogos modales contínuos e indisponibilidad del interfaz de usuario) intentando repetidamente la transmisión OBEX de un archivo por Bluetooth, como ha sido demostrado por ussp-push. • http://securityreason.com/securityalert/2180 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1132
https://notcve.org/view.php?id=CVE-2005-1132
16 Apr 2005 — LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI file. • http://securitytracker.com/id?1013777 •