13 matches found

added 2018/08/23 10:29 p.m., 58 views

CVE-2018-3911

An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, ...

CVSS 8.6 | AI score 8.6 | EPSS 0.00837

added 2018/08/28 8:29 p.m., 57 views

CVE-2018-3916

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 136 bytes. An attacker can s...

CVSS 7.8 | AI score 8.3 | EPSS 0.00161

added 2018/08/23 10:29 p.m., 56 views

CVE-2018-3856

An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTT...

CVSS 9.9 | AI score 9.6 | EPSS 0.01626

added 2018/08/27 3:29 p.m., 51 views

CVE-2018-3927

An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the bac...

CVSS 6.8 | AI score 5.5 | EPSS 0.00371

added 2018/08/27 3:29 p.m., 48 views

CVE-2018-3918

An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation...

CVSS 7.5 | AI score 7.6 | EPSS 0.00988

added 2018/08/28 7:29 p.m., 47 views

CVE-2018-3908

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method...

CVSS 9.1 | AI score 8 | EPSS 0.00423

added 2018/08/27 3:29 p.m., 46 views

CVE-2018-3904

An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on t...

CVSS 9.9 | AI score 9.6 | EPSS 0.00377

added 2018/08/23 10:29 p.m., 44 views

CVE-2018-3872

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts the videoHostUrl field from a user-controlled JSON payload, leading to a buffer o...

CVSS 9.9 | AI score 9.6 | EPSS 0.00377

added 2018/08/23 10:29 p.m., 44 views

CVE-2018-3880

An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles existing records inside its SQLite database, lea...

CVSS 9.9 | AI score 9.6 | EPSS 0.00287

added 2018/08/28 7:29 p.m., 43 views

CVE-2018-3895

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily lo...

CVSS 9.9 | AI score 8.8 | EPSS 0.00222

added 2018/08/23 10:29 p.m., 42 views

CVE-2018-3866

An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on t...

CVSS 9.9 | AI score 9.6 | EPSS 0.00483

added 2017/06/27 8:29 p.m., 34 views

CVE-2015-7895

Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).

CVSS 5.5 | AI score 5.5 | EPSS 0.00288

added 2017/06/27 8:29 p.m., 29 views

CVE-2015-7898

Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).

CVSS 5.5 | AI score 5.4 | EPSS 0.00161