CVE-2023-40501 – LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40501
LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copyContent command. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-23-1217 • CWE-749: Exposed Dangerous Method or Function •
CVE-2023-40505 – LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40505
LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the createThumbnailByMovie method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-23-1209 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-4274 – sileht bird-lg layout.html cross site scripting
https://notcve.org/view.php?id=CVE-2021-4274
A vulnerability, which was classified as problematic, has been found in sileht bird-lg. This issue affects some unknown processing of the file templates/layout.html. The manipulation of the argument request_args leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ef6b32c527478fefe7a4436e10b96ee28ed5b308. • https://github.com/sileht/bird-lg/commit/ef6b32c527478fefe7a4436e10b96ee28ed5b308 https://github.com/sileht/bird-lg/pull/82 https://vuldb.com/?id.216479 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVE-2022-45422
https://notcve.org/view.php?id=CVE-2022-45422
When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005. Cuando LG SmartShare está instalado, es posible escalar privilegios locales mediante un ataque de secuestro de DLL. La identificación de LG es LVE-HOT-220005. • https://lgsecurity.lge.com/bulletins/pc • CWE-427: Uncontrolled Search Path Element •
CVE-2022-23731
https://notcve.org/view.php?id=CVE-2022-23731
V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models. El motor de javascript V8 (vulnerabilidad de pila) puede causar una escalada de privilegios, que puede afectar a algunos modelos de TV con webOS • https://lgsecurity.lge.com/bulletins/tv • CWE-264: Permissions, Privileges, and Access Controls •