
522 matches found

CVE
added 2018/08/27 3:0 p.m. · 66 views

CVE-2018-3904

CVE-2018-3904 is a buffer overflow in Samsung SmartThings Hub STH-ETH-250, triggered by user-controlled JSON in the video-core HTTP server when handling PATCH /cameras/ requests. The vulnerable code copies a parameter value (url or state) into a 512-byte stack buffer using memcpy with length deri...

9.9 CVSS · 9.6 AI score · 0.01753 EPSS
Exploits 2 · References 1 · Affected Software 1
Cvelist
added 2018/08/27 3:0 p.m. · 33 views

CVE-2018-3918

An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync'...

6.5 CVSS · 7.7 AI score · 0.00989 EPSS
Exploits 2 · References 1
Positive Technologies
added 2018/08/27 12:0 a.m. · 5 views

PT-2018-16296 · Samsung · Samsung Smartthings Hub

Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17 Description: A buffer overflow issue exists in the camera 'update' feature of the video-core's HTTP server. This occurs because the video-core process incorrectly extracts fields...

9.9 CVSS · 9.6 AI score · 0.01753 EPSS
Exploits 2 · References 3
Positive Technologies
added 2018/08/27 12:0 a.m. · 5 views

PT-2018-16286 · Samsung · Samsung Smartthings Hub

Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: A buffer overflow issue exists due to the incorrect extraction of fields from a user-controlled JSON payload in the video-core process of the Samsung SmartThings Hub's HTTP...

9.9 CVSS · 9.3 AI score · 0.01804 EPSS
Exploits 2 · References 3
Positive Technologies
added 2018/08/27 12:0 a.m. · 6 views

PT-2018-16310 · Samsung · Samsung Smartthings Hub

Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: An issue exists in the remote servers of Samsung SmartThings Hub where the hubCore process listens on port 39500 and relays unauthenticated messages. The servers incorrectly...

7.5 CVSS · 6.7 AI score · 0.00989 EPSS
Exploits 2 · References 3
Prion
added 2018/08/24 12:29 a.m. · 16 views

Cross site request forgery (csrf)

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...

6.4 CVSS · 8.9 AI score · 0.01251 EPSS
Exploits 3 · References 1 · Affected Software 1
OSV
added 2018/08/24 12:29 a.m. · 4 views

CVE-2018-3909

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...

8.6 CVSS · 5.8 AI score · 0.01251 EPSS
Exploits 3 · References 1
NVD
added 2018/08/24 12:29 a.m. · 21 views

CVE-2018-3909

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...

9.1 CVSS · 8.6 AI score · 0.01251 EPSS
Exploits 3 · References 1
NVD
added 2018/08/24 12:29 a.m. · 19 views

CVE-2018-3907

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...

10 CVSS · 9.3 AI score · 0.01435 EPSS
Exploits 3 · References 1
OSV
added 2018/08/24 12:29 a.m. · 4 views

CVE-2018-3907

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...

10 CVSS · 5.8 AI score · 0.01435 EPSS
Exploits 3 · References 1
Prion
added 2018/08/24 12:29 a.m. · 16 views

Cross site request forgery (csrf)

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...

6.4 CVSS · 9.3 AI score · 0.01435 EPSS
Exploits 3 · References 1 · Affected Software 1
CVE
added 2018/08/24 12:0 a.m. · 56 views

CVE-2018-3909

CVE-2018-3909 affects Samsung SmartThings Hub STH-ETH-250 firmware 0.20.17. The vulnerability lies in video-core’s REST HTTP server using http-parser, where pipelined HTTP requests can cause subsequent requests to overwrite the previously parsed method (on_message_complete) and other data. This e...

9.1 CVSS · 8.8 AI score · 0.01251 EPSS
Exploits 3 · References 1 · Affected Software 1
Positive Technologies
added 2018/08/24 12:0 a.m. · 3 views

PT-2018-16301 · Samsung · Samsung Smartthings Hub

Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17 Description: The issue exists in the REST parser of the video-core's HTTP server, where it incorrectly handles pipelined HTTP requests. This allows successive requests to overwrit...

9.1 CVSS · 8.7 AI score · 0.01251 EPSS
Exploits 3 · References 2
Cvelist
added 2018/08/24 12:0 a.m. · 21 views

CVE-2018-3909

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...

9.1 CVSS · 9 AI score · 0.01251 EPSS
Exploits 3 · References 1
Cvelist
added 2018/08/24 12:0 a.m. · 23 views

CVE-2018-3907

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...

9.1 CVSS · 9.4 AI score · 0.01435 EPSS
Exploits 3 · References 1
Positive Technologies
added 2018/08/24 12:0 a.m. · 4 views

PT-2018-16299 · Samsung · Samsung Smartthings Hub

Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17 Description: The issue arises from the incorrect handling of pipelined HTTP requests by the video-core process in the Samsung SmartThings Hub's HTTP server. This allows successive...

10 CVSS · 9 AI score · 0.01435 EPSS
Exploits 3 · References 2
CVE
added 2018/08/24 12:0 a.m. · 57 views

CVE-2018-3907

CVE-2018-3907 (and related CVEs 3908/3909) affects Samsung SmartThings Hub video-core HTTP server on STH-ETH-250 firmware 0.20.17. The REST parser mishandles pipelined HTTP requests, causing successive requests to overwrite the previously parsed URL/method/body via the on_url, on_body, and on_mes...

10 CVSS · 9.2 AI score · 0.01435 EPSS
Exploits 3 · References 1 · Affected Software 1
OSV
added 2018/08/23 10:29 p.m. · 5 views

CVE-2018-3866

An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on...

9.9 CVSS · 6.1 AI score · 0.01534 EPSS
Exploits 2 · References 1
OSV
added 2018/08/23 10:29 p.m. · 4 views

CVE-2018-3911

An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages...

8.6 CVSS · 5.8 AI score · 0.01223 EPSS
Exploits 2 · References 1
Prion
added 2018/08/23 10:29 p.m. · 17 views

Buffer overflow

An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on...

9 CVSS · 9.6 AI score · 0.01534 EPSS
Exploits 2 · References 1 · Affected Software 1