CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40515 – LG Simple Editor joinAddUser Improper Input Validation Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-40515
LG Simple Editor joinAddUser Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the joinAddUser method. The issue results from improper input validation. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. • https://www.zerodayinitiative.com/advisories/ZDI-23-1197 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40516 – LG Simple Editor Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-40516
LG Simple Editor Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of LG Simple Editor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The product sets incorrect permissions on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-23-1218 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-4274 – sileht bird-lg layout.html cross site scripting
https://notcve.org/view.php?id=CVE-2021-4274
A vulnerability, which was classified as problematic, has been found in sileht bird-lg. This issue affects some unknown processing of the file templates/layout.html. The manipulation of the argument request_args leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ef6b32c527478fefe7a4436e10b96ee28ed5b308. • https://github.com/sileht/bird-lg/commit/ef6b32c527478fefe7a4436e10b96ee28ed5b308 https://github.com/sileht/bird-lg/pull/82 https://vuldb.com/?id.216479 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45422
https://notcve.org/view.php?id=CVE-2022-45422
When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005. Cuando LG SmartShare está instalado, es posible escalar privilegios locales mediante un ataque de secuestro de DLL. La identificación de LG es LVE-HOT-220005. • https://lgsecurity.lge.com/bulletins/pc • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23731
https://notcve.org/view.php?id=CVE-2022-23731
V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models. El motor de javascript V8 (vulnerabilidad de pila) puede causar una escalada de privilegios, que puede afectar a algunos modelos de TV con webOS • https://lgsecurity.lge.com/bulletins/tv • CWE-264: Permissions, Privileges, and Access Controls •