Vulnerabilities > LG > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-03 | CVE-2023-40508 | Unspecified vulnerability in LG Simple Editor 3.21.0 LG Simple Editor putCanvasDB Directory Traversal Arbitrary File Deletion Vulnerability. | 9.1 |
| 2024-05-03 | CVE-2023-40509 | Unspecified vulnerability in LG Simple Editor 3.21.0 LG Simple Editor deleteCanvas Directory Traversal Arbitrary File Deletion Vulnerability. | 9.1 |
| 2024-04-09 | CVE-2023-6317 | Unspecified vulnerability in LG Webos A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. | 9.8 |
| 2024-03-25 | CVE-2024-2862 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in LG LED Assistant 2.1.65 This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant. | 9.8 |
| 2024-03-25 | CVE-2024-2863 | Path Traversal vulnerability in LG LED Assistant 2.1.65 This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant. | 9.8 |
| 2024-02-26 | CVE-2024-1885 | Unspecified vulnerability in LG Webos Signage 6.0.056 This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG Signage. | 9.8 |
| 2023-09-04 | CVE-2023-4614 | Path Traversal vulnerability in LG LED Assistant 2.1.45 This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. | 9.8 |
| 2023-09-04 | CVE-2023-4613 | Path Traversal vulnerability in LG LED Assistant 2.1.45 This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. | 9.8 |
| 2022-03-11 | CVE-2022-23730 | Unspecified vulnerability in LG Webos The public API error causes for the attacker to be able to bypass API access control. | 9.8 |
| 2021-08-24 | CVE-2021-38306 | OS Command Injection vulnerability in LG N1T1 Firmware Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter. | 9.8 |