
CVSS: 7.8 • EPSS: 3% • CPEs: 1 • EXPL: 2

14 Sep 2018 — LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080. • https://github.com/Nurdilin/CVE-2018-16706 • CWE-425: Direct Request ('Forced Browsing') •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

14 Sep 2018 — LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits. • http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html • CWE-287: Improper Authentication •

CVSS: 9.8 • EPSS: 2% • CPEs: 1 • EXPL: 1

14 Sep 2018 — LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. • http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.6 • EPSS: 63% • CPEs: 1 • EXPL: 3

14 Sep 2018 — LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. LG SuperSign EZ CMS version 2.5 suffers from a local file inclusion vulnerability. • https://packetstorm.news/files/id/149437 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5 • EPSS: 19% • CPEs: 36 • EXPL: 3

12 Sep 2018 — LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authentica... • https://packetstorm.news/files/id/149317 • CWE-552: Files or Directories Accessible to External Parties •

CVSS: 9.8 • EPSS: 0% • CPEs: 21 • EXPL: 0

17 Aug 2018 — Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005. • https://lgsecurity.lge.com/security_updates.html • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.8 • EPSS: 0% • CPEs: 21 • EXPL: 0

17 Aug 2018 — Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004. • https://lgsecurity.lge.com/security_updates.html • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.8 • EPSS: 0% • CPEs: 21 • EXPL: 0

17 Aug 2018 — Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006. • https://lgsecurity.lge.com/security_updates.html • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 5.8 • EPSS: 1% • CPEs: 3 • EXPL: 0

04 May 2018 — A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API. • http://www.securityfocus.com/bid/104084 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.9 • EPSS: 74% • CPEs: 131 • EXPL: 5

16 Oct 2017 — The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature... • https://github.com/nsacyber/Detect-CVE-2017-15361-TPM •