CVE-2023-6318

A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability. Full versions and TV models affected: * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB * webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA

This Cyber News was published on www.tenable.com. Publication date: Tue, 09 Apr 2024 22:56:04 +0000

Cyber News related to CVE-2023-6318

Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
1 year ago Cisa.gov CVE-2023-48842 CVE-2023-43089 CVE-2023-39226 CVE-2023-46690 CVE-2023-47207 CVE-2023-46886 CVE-2023-48882 CVE-2023-49656 CVE-2023-28896 CVE-2023-48016 CVE-2023-49092 CVE-2023-2266 CVE-2023-2267 CVE-2023-31177 CVE-2023-34388 CVE-2023-34389 CVE-2023-48848 CVE-2023-4398

CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
8 months ago Tenable.com

CVE-2018-16333 - An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While ...
6 years ago

CVE-2018-18706 - An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When ...
6 years ago

CVE-2018-18707 - An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When ...
6 years ago

CVE-2018-18708 - An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When ...
6 years ago

CVE-2018-18709 - An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When ...
6 years ago

CVE-2018-18727 - An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. ...
6 years ago

CVE-2018-18730 - An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. ...
6 years ago

CVE-2018-18732 - An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. ...
6 years ago

CVE-2018-18731 - An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. ...
6 years ago

CVE-2018-18729 - An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- ...
5 years ago

CVE-2018-18728 - An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request. ...
5 years ago

Over 90,000 LG Smart TVs may be exposed to remote attacks - Security researchers at Bitdefender have discovered four vulnerabilities impacting multiple versions of WebOS, the operating system used in LG smart TVs. The flaws enable varying degrees of unauthorized access and control over affected models, ...
10 months ago Bleepingcomputer.com CVE-2023-6317 CVE-2023-6318 CVE-2023-6319 CVE-2023-6320

Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server - Sig 11,887 p4api vs2017 static openssl3 p4api-2023.1.2468153-vs2017 static. Sig 11,847 p4api vs2017 static p4api-2023.1.2468153-vs2017 static. Sig 10,187 p4api vs2017 static vsdebug openssl3 p4api-2023.1.2468153-vs2017 static vsdebug. Sig 10,147 ...
1 year ago Microsoft.com

LG releases updates for vulnerabilities that could allow hackers to gain access to TVs - Four new vulnerabilities affecting thousands of LG TVs have been found by researchers who said the issues could allow hackers to add themselves as users and take other actions. Researchers from cybersecurity firm Bitdefender said the bugs - three of ...
10 months ago Therecord.media CVE-2023-6317 CVE-2023-6318 CVE-2023-6319 CVE-2023-6320

Threat landscape for industrial automation systems. H2 2023 - In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year. In H2 2023, building automation once ...
11 months ago Securelist.com

Multiple Flaws in Dell PowerProtect Products Execute Commands - Multiple vulnerabilities have been discovered in Dell's PowerProtect, which were associated with SQL injection, cross-site scripting, privilege escalation, command injection, and path tracing. The severity for these vulnerabilities ranges between 4.3 ...
1 year ago Cybersecuritynews.com CVE-2023-44286 CVE-2023-44284 CVE-2023-48668 CVE-2023-44277 CVE-2023-48667 CVE-2023-44279 CVE-2023-44278 CVE-2023-44285

CVE-2023-6318 - A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An ...
10 months ago Tenable.com

CVE-2008-6317 - Directory traversal vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf[lang] parameter, a different issue than ...
7 years ago

CVE-2008-6316 - Directory traversal vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter, a different issue than CVE-2008-6316 and a ...
7 years ago

CVE-2008-6318 - PHP remote file inclusion vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter, a different vector than CVE-2008-6317. ...
7 years ago

CVE-2018-16334 - An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection. ...
6 years ago

CVE-2018-14559 - An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability ...
5 years ago

CVE-2018-14557 - An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability ...
5 years ago

Latest Cyber News

Microsoft to shut down Skype, Here is the Deadline - 32 minutes ago
Serbian police used Cellebrite zero-day hack to unlock Android phones - 1 hour ago
Microsoft confirms it's killing off Skype in May, after 14 years - 2 hours ago
CVE-2024-53408 - 2 hours ago
CVE-2024-41338 - 3 hours ago
Chinese Hackers Exploiting Check Point's VPN Zero-Day Vulnerability - 3 hours ago
Nakivo Backup & Replication Tool Vulnerability Allows Attackers to Read Arbitrary Files - 4 hours ago
Hacker behind over 90 high-profile data leaks worldwide arrested in Thailand | The Record from Recorded Future News - 4 hours ago
Poco RAT Malware Exploits PDF Files to Infiltrate Systems and Steal Data - 4 hours ago
Njrat Attacking Users Abusing Microsoft Dev Tunnels for C2 Communications - 5 hours ago
New Pass-the-Cookie Attack Bypass Microsoft 365 & YouTube MFA Logins - 5 hours ago
PingAM Java Agent Vulnerability Let Attackers Gain Unauthorized Access - 6 hours ago
Lynx Ransomware Attacking Organizations to Exfiltrate Sensitive Data - 7 hours ago
1.6 Million Android TVs Worldwide Hacked by Vo1d Botnet - 8 hours ago
New GitHub Scam With Thousand of “mods" & "cracks" Steal Your Data - 9 hours ago
260 Domains Hosting 5,000 Weaponized PDF Files Attacking Users - 9 hours ago
Wallbleed Exposes Memory Vulnerability in China’s Great Firewall DNS System - 9 hours ago
18 Best Web Filtering Solutions - 2025 - 10 hours ago
DeepSeek Data Leak - 12,000 Hardcoded Live API keys and Passwords Exposed - 14 hours ago
Vo1d malware botnet grows to 1.6 million Android TVs worldwide - 18 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
Kimsuky - 1 year ago
23andMe - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

Microsoft to shut down Skype, Here is the Deadline - 32 minutes ago
Serbian police used Cellebrite zero-day hack to unlock Android phones - 1 hour ago
Microsoft confirms it's killing off Skype in May, after 14 years - 2 hours ago
Chinese Hackers Exploiting Check Point's VPN Zero-Day Vulnerability - 3 hours ago
Nakivo Backup & Replication Tool Vulnerability Allows Attackers to Read Arbitrary Files - 4 hours ago
Hacker behind over 90 high-profile data leaks worldwide arrested in Thailand | The Record from Recorded Future News - 4 hours ago
Poco RAT Malware Exploits PDF Files to Infiltrate Systems and Steal Data - 4 hours ago
Njrat Attacking Users Abusing Microsoft Dev Tunnels for C2 Communications - 5 hours ago
New Pass-the-Cookie Attack Bypass Microsoft 365 & YouTube MFA Logins - 5 hours ago
PingAM Java Agent Vulnerability Let Attackers Gain Unauthorized Access - 6 hours ago
Lynx Ransomware Attacking Organizations to Exfiltrate Sensitive Data - 7 hours ago
1.6 Million Android TVs Worldwide Hacked by Vo1d Botnet - 8 hours ago
New GitHub Scam With Thousand of “mods" & "cracks" Steal Your Data - 9 hours ago
260 Domains Hosting 5,000 Weaponized PDF Files Attacking Users - 9 hours ago
Wallbleed Exposes Memory Vulnerability in China’s Great Firewall DNS System - 9 hours ago
18 Best Web Filtering Solutions - 2025 - 10 hours ago
DeepSeek Data Leak - 12,000 Hardcoded Live API keys and Passwords Exposed - 14 hours ago
CVE-2018-9994 - 1 year ago
CVE-2018-9329 - 1 year ago
CVE-2018-9324 - 1 year ago