
5908 matches found

NVD
added 2018/08/23 3:29 p.m. · 29 views

CVE-2018-3919

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely extracts the fields from the "clips" table of its SQLite...

CVSS 9.9 · AI score 8.2 · EPSS 0.00946
Exploits 2 · References 1

Prion
added 2018/08/23 3:29 p.m. · 20 views

Stack overflow

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely extracts the fields from the "clips" table of its SQLite...

CVSS 9 · AI score 9.6 · EPSS 0.00946
Exploits 2 · References 1 · Affected Software 1

Prion
added 2018/08/23 3:29 p.m. · 18 views

Stack overflow

An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly handles the answer received from a smart camera...

CVSS 9 · AI score 9.6 · EPSS 0.02014
Exploits 2 · References 1 · Affected Software 1

Cvelist
added 2018/08/23 3:0 p.m. · 28 views

CVE-2018-3919

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely extracts the fields from the "clips" table of its SQLite...

CVSS 7.5 · AI score 9.7 · EPSS 0.00946
Exploits 2 · References 1

Cvelist
added 2018/08/23 3:0 p.m. · 30 views

CVE-2018-3867

An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly handles the answer received from a smart camera...

CVSS 9.9 · AI score 9.7 · EPSS 0.02014
Exploits 2 · References 1

NVD
added 2018/08/23 2:29 p.m. · 27 views

CVE-2018-3833

An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed...

CVSS 8.6 · AI score 7.8 · EPSS 0.01119
Exploits 2 · References 1

CVE
added 2018/08/23 2:0 p.m. · 56 views

CVE-2018-3833

CVE-2018-3833 affects Insteon Hub (firmware 1013). The firmware upgrade flow fetches signed firmware over plain HTTP and does not verify that the new image is newer than the installed one, enabling an attacker (MITM impersonating cache.insteon.com) to flash older firmware. TALOS research notes mi...

CVSS 8.6 · AI score 7.5 · EPSS 0.01119
Exploits 2 · References 1 · Affected Software 1

Amazon
added 2018/08/21 12:0 a.m. · 112 views

Medium: httpd

Issue Overview: By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 Affected 2.4.33. CVE-2018-8011 Affected Packages: httpd Note: This...

CVSS 7.5 · AI score 7.9 · EPSS 0.51714
Exploits 0

Tenable Nessus
added 2018/08/20 12:0 a.m. · 61 views

openSUSE Security Update : apache2 (openSUSE-2018-907)

This update for apache2 fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-1333: Fixed a worker exhaustion that could have led to a denial of service via specially crafted HTTP/2 requests bsc1101689. - CVE-2018-8011: Fixed a NULL pointer dereference in...

CVSS 7.5 · AI score 6.7 · EPSS 0.51714
Exploits 0 · References 4

OPENSUSE Linux
added 2018/08/19 3:9 p.m. · 219 views

Security update for apache2 (moderate)

This update for apache2 fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-1333: Fixed a worker exhaustion that could have led to a denial of service via specially crafted HTTP/2 requests bsc1101689. - CVE-2018-8011: Fixed a null pointer dereference in modm...

AI score 0.3 · EPSS 0.51714
Exploits 0 · References 2

Positive Technologies
added 2018/08/18 12:0 a.m. · 4 views

PT-2018-2958 · Embedthis · Appweb +1

Name of the Vulnerable Software and Affected Versions: Embedthis GoAhead versions prior to 4.0.1 Embedthis Appweb versions prior to 7.0.2 Description: The issue is related to errors in processing HTTP requests. It may allow a remote attacker to cause a denial of service. This can be achieved by...

CVSS 7.8 · AI score 7.3 · EPSS 0.02227
Exploits 1 · References 9

OSV
added 2018/08/17 4:21 p.m. · 15 views

SUSE-SU-2018:2424-1 Security update for apache2

This update for apache2 fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-1333: Fixed a worker exhaustion that could have led to a denial of service via specially crafted HTTP/2 requests bsc1101689. - CVE-2018-8011: Fixed a null pointer dereference in modm...

CVSS 7.5 · AI score 7.8 · EPSS 0.51714
Exploits 0 · References 5

Citrix
added 2018/08/09 12:0 a.m. · 9 views

How to enable "Drop Invalid HTTP Requests" from default HTTP Parameters

This article provides instructions on How to enable "Drop Invalid HTTP Requests" from default HTTP Parameters...

AI score 7
Exploits 0

OSV
added 2018/08/06 9:29 p.m. · 3 views

CVE-2017-16252

Specially crafted commands sent through the PubNub service in Insteon Hub 2245-222 with firmware version 1012 can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. At 0x9d014cc0 the value for the cmd...

CVSS 8.1 · AI score 6.4 · EPSS 0.01204
Exploits 1 · References 1

Prion
added 2018/08/02 7:29 p.m. · 18 views

XXE

An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HTTP...

CVSS 5.5 · AI score 7.6 · EPSS 0.01192
Exploits 0 · References 1

NVD
added 2018/08/02 7:29 p.m. · 26 views

CVE-2017-16349

An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HTTP...

CVSS 8.1 · AI score 6.6 · EPSS 0.01192
Exploits 0 · References 1

Cvelist
added 2018/08/02 7:0 p.m. · 19 views

CVE-2018-3834

An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the kind of firmware image that is going t...

CVSS 8.7 · AI score 7.3 · EPSS 0.00512
Exploits 2 · References 1

Debian CVE
added 2018/08/01 4:0 p.m. · 24 views

CVE-2016-9579

A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches...

CVSS 7.5 · AI score 6.8 · EPSS 0.04396
Exploits 1

OSV
added 2018/08/01 1:29 p.m. · 30 views

CVE-2018-1999032

A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint...

CVSS 6.5 · AI score 6.6
Exploits 0 · References 1

Prion
added 2018/08/01 1:29 p.m. · 15 views

Design/Logic Flaw

A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint...

CVSS 4 · AI score 6.3 · EPSS 0.01019
Exploits 0 · References 1 · Affected Software 1