CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-4274 – sileht bird-lg layout.html cross site scripting
https://notcve.org/view.php?id=CVE-2021-4274
21 Dec 2022 — A vulnerability, which was classified as problematic, has been found in sileht bird-lg. This issue affects some unknown processing of the file templates/layout.html. The manipulation of the argument request_args leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ef6b32c527478fefe7a4436e10b96ee28ed5b308. • https://github.com/sileht/bird-lg/commit/ef6b32c527478fefe7a4436e10b96ee28ed5b308 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45422
https://notcve.org/view.php?id=CVE-2022-45422
21 Nov 2022 — When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005. Cuando LG SmartShare está instalado, es posible escalar privilegios locales mediante un ataque de secuestro de DLL. La identificación de LG es LVE-HOT-220005. • https://lgsecurity.lge.com/bulletins/pc • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23731
https://notcve.org/view.php?id=CVE-2022-23731
11 Mar 2022 — V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models. El motor de javascript V8 (vulnerabilidad de pila) puede causar una escalada de privilegios, que puede afectar a algunos modelos de TV con webOS • https://github.com/DavidBuchanan314/WAMpage • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23730
https://notcve.org/view.php?id=CVE-2022-23730
11 Mar 2022 — The public API error causes for the attacker to be able to bypass API access control. Un error de la API pública causa que el atacante pueda omitir el control de acceso a la API • https://lgsecurity.lge.com/bulletins/tv • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23727
https://notcve.org/view.php?id=CVE-2022-23727
28 Jan 2022 — There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause the attacker to obtain a higher privilege Se presenta una vulnerabilidad de escalada de privilegios en algunos televisores webOS. Debido a entornos de configuración erróneos, un atacante local es capaz de llevar a cabo una operación específica para explotar esta vulnerabilidad. Una explotación puede caus... • https://lgsecurity.lge.com/bulletins/tv •
CVSS: 10.0EPSS: 31%CPEs: 3EXPL: 1CVE-2021-38306
https://notcve.org/view.php?id=CVE-2021-38306
24 Aug 2021 — Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter. El Almacenamiento Conectado a la Red en los dispositivos LG N1T1*** 10124, permite a un atacante no autenticado conseguir acceso root por medio de una inyección de comandos en el Sistema Operativo en el parámetro destServer del archivo es/ajp/plugins/access.ssh/checkInstall.php. • https://www.lg.com/uk/support/product/lg-N1T1DD1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-26688
https://notcve.org/view.php?id=CVE-2021-26688
04 Feb 2021 — An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 (February 2021). Se detectó un problema en los dispositivos móviles LG Wing con software de Sistema Operativo Android versión 10. El sensor biométrico contiene propiedades de seguridad débiles. • https://lgsecurity.lge.com •
CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0CVE-2020-7807 – DLL Hijacking Vulnerabilities During Installation of LG Electronics Software
https://notcve.org/view.php?id=CVE-2020-7807
14 Sep 2020 — A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE,... • https://lgsecurity.lge.com • CWE-353: Missing Support for Integrity Check CWE-354: Improper Validation of Integrity Check Value •
CVSS: 7.8EPSS: 0%CPEs: 39EXPL: 0CVE-2020-13842
https://notcve.org/view.php?id=CVE-2020-13842
04 Jun 2020 — An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). A dangerous AT command was made available even though it is unused. The LG ID is LVE-SMP-200010 (June 2020). Se detectó un problema en los dispositivos móviles LG con Sistema Operativo Android versiones 7.2, 8.0, 8.1, 9 y 10 (chipsets MTK). Se puso a disposición un comando AT peligroso aunque no se haya usado. • https://lgsecurity.lge.com •
CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 0CVE-2020-13841
https://notcve.org/view.php?id=CVE-2020-13841
04 Jun 2020 — An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020). Se detectó un problema en los dispositivos móviles LG con Android OS versiones 9 y 10 (chipsets MTK). Un manejador de comando AT permite a atacantes omitir restricciones de acceso previstas. • https://lgsecurity.lge.com •