8 matches found
CVE-2022-23730
CVE-2022-23730 is described across connected records as a public API error that allows bypassing API access control, with concrete mention of affecting LG WebOS (PT-2022-16235) and related entries (e.g., Red Hat/NVD refs). The sources do not provide specific vulnerable versions, exact root cause ...
CVE-2022-23731
CVE-2022-23731 involves a heap vulnerability in the V8 JavaScript engine used by some webOS TV models. The Red Hat/NVD/CVE records describe a local privilege-escalation flaw originating from the V8 heap, enabling an attacker with local access to gain higher privileges on affected TVs. Public mate...
CVE-2022-23727
Technical details about CVE-2022-23727 are not publicly available in the provided documents. Monitor for updates; no specifics on affected versions, impact, or remediation are disclosed here.
CVE-2023-6319
CVE-2023-6319 affects LG webOS: a command injection in getAudioMetadata of the com.webos.service.attachedstoragemanager. Affected webOS versions include 4.9.7–5.30.40, 5.5.0–04.50.51, 6.3.3-442–03.36.50, and 7.3.1-43–03.33.85. The vulnerability allows an attacker to execute commands as root via s...
CVE-2020-9759
CVE-2020-9759 affects WeeChat (IRC client). A crafted IRC message 352 (who) can cause a crash, per multiple advisories (Debian DLA-2157-1, GLSA-202003-51, USN-5258-1). Root cause: malformed channel/ IRC message handling leading to a crash; impact is denial of service via client crash. Remediation...
CVE-2023-6320
CVE-2023-6320: A command injection vulnerability affects webOS 5.x and 6.x, specifically the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint. The root cause is a command execution path that can be triggered by a sequence of authenticated requests, allowing execution as the db...
CVE-2023-6317
CVE-2023-6317 describes a prompt bypass in webOS secondscreen.gateway that lets an attacker create a privileged account without user PIN on affected webOS versions. Affected: webOS 4.9.7–5.30.40, 5.5.0–04.50.51, 6.3.3-442 (kisscurl-kinglake)–03.36.50, 7.3.1-43 (mullet-mebin)–03.33.85. Root cause:...
CVE-2023-6318
LG webOS versions 5 through 7 are affected by a command injection in the processAnalyticsReport method of the com.webos.service.cloudupload service, enabling root-level code execution via specially crafted authenticated requests. Affected versions listed include webOS 5.5.0 – 04.50.51, 6.3.3-442,...