4786 matches found
CVE-2018-3912
CVE-2018-3912 affects Samsung SmartThings Hub STH-ETH-250 firmware 0.20.17. The video-core HTTP server copies database fields from shard into a stack-allocated structure using strcpy without length checks, enabling stack-based buffer overflows (secretKey, plus other fields with varying sizes). An...
CVE-2018-3917
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The...
CVE-2018-3919
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely extracts the fields from the "clips" table of its SQLite...
CVE-2018-3917
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The...
Stack overflow
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely extracts the fields from the "clips" table of its SQLite...
CVE-2018-3919
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely extracts the fields from the "clips" table of its SQLite...
CVE-2018-3917
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The...
PT-2018-16309 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: The issue arises from the insecure extraction of fields from the "shard" table in the SQLite database by the video-core process, leading to a buffer overflow on the stack. This...
PT-2018-16311 · Sqlite Consortium +1 · Sqlite +1
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: A stack-based buffer overflow issue exists in the video-core's HTTP server due to insecure extraction of database fields from the "clips" table of its SQLite database. This can ...
sqlite (>=0.19.7 <=0.21.1), sqlite3-sys (>=0.6.7 <=0.9.2) +3 more potentially affected by unknown CVE via temporary (=0.5.1)
temporary CARGO version =0.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on temporary and may be impacted: - sqlite =0.19.7, =0.6.7, =0.11.0, =0.2.6, =0.2.7 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2018-0022...
Photon OS 1.0: Binutils / Httpd / Mercurial / Mysql / Net / Paramiko / Patch / Pycrypto / Python3 / Sqlite / Strongswan / Xerces PHSA-2018-1.0-0126 (deprecated)
An update of 'paramiko', 'mysql', 'mercurial', 'binutils', 'pycrypto', 'patch', 'sqlite-autoconf', 'httpd', 'python3', 'xerces-c', 'strongswan', 'net-snmp' packages of Photon OS has been released. C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2/7/2019 The descriptive text and package...
Photon OS 1.0: Libxslt / Linux / Sqlite PHSA-2017-0025 (deprecated)
An update of linux,sqlite-autoconf,libxslt packages for PhotonOS has been released. C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2/7/2019 The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0025. The text itself is copyright C...
Build Your Own Botnet: BYOB
BYOB is an open-source project that provides a framework for security researchers and developers to build and operate a basic botnet to deepen their understanding of the sophisticated malware that infects millions of devices every year and spawns modern botnets, in order to improve their ability ...
Samsung SmartThings Hub video-core HTTP server buffer overflow vulnerability (CNVD-2018-14283)
Samsung SmartThings Hub is a smart home management device from Samsung, South Korea. video-core HTTP server is one of the HTTP servers. A stack buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server in the Samsung SmartThings Hub, which originates...
Samsung SmartThings Hub video-core HTTP server buffer overflow vulnerability (CNVD-2018-14282)
Samsung SmartThings Hub is a smart home management device from Samsung, South Korea. video-core HTTP server is one of the HTTP servers. A stack buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server in the Samsung SmartThings Hub, which originates...
Samsung SmartThings Hub video-core database shard code execution vulnerabilities(CVE-2018-3912 - CVE-2018-3917)
Summary Multiple exploitable stack-based buffer overflow vulnerabilities exist in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub. The video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer...
Samsung SmartThings Hub video-core Database shard.videoHostURL Code Execution Vulnerability(CVE-2018-3906)
Summary An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on th...
Samsung SmartThings Hub video-core Database find-by-cameraId Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in the database “find-by-cameraId” functionality of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on...
Samsung SmartThings Hub video-core Database clips Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core’s HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the fields from the “clips” table of its SQLite database, leading to a buffer overflow on...
Samsung SmartThings Hub video-core database shard code execution vulnerabilities
Summary Multiple exploitable stack-based buffer overflow vulnerabilities exist in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub. The video-core process insecurely extracts the fields from the “shard” table of its SQLite database, leading to a buffer...