Vulnerabilities > Out-of-bounds Write

DATE CVE VULNERABILITY TITLE RISK
2018-08-23 CVE-2018-3912 Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack.
local
low complexity
samsung CWE-787
7.8
7.8
2018-08-23 CVE-2018-3919 Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17.
network
low complexity
samsung CWE-787
critical
 9.9
9.9
2018-08-23 CVE-2018-3903 Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack.
network
low complexity
samsung CWE-787
critical
 9.9
9.9
2018-08-23 CVE-2018-3902 Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17.
network
low complexity
samsung CWE-787
critical
 9.9
9.9
2018-08-23 CVE-2018-3867 Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17.
network
low complexity
samsung CWE-787
critical
 9.9
9.9
2018-08-23 CVE-2018-3863 Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack.
network
low complexity
samsung CWE-787
critical
 9.9
9.9
2018-08-21 CVE-2018-6692 Out-of-bounds Write vulnerability in Belkin Wemo Insight Smart Plug Firmware
Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet.
network
low complexity
belkin CWE-787
critical
 10.0
10
2018-08-21 CVE-2018-12115 Out-of-bounds Write vulnerability in Nodejs Node.Js
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`.
network
low complexity
nodejs redhat CWE-787
5.0
5.0
2018-08-15 CVE-2018-8403 Out-of-bounds Write vulnerability in Microsoft Edge and Internet Explorer
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10.
network
high complexity
microsoft CWE-787
7.6
7.6
2018-08-15 CVE-2018-8390 Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore.
network
high complexity
microsoft CWE-787
7.6
7.6