Vulnerabilities > Samsung
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-23 | CVE-2018-3919 | Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. | 9.9 |
| 2018-08-23 | CVE-2018-3917 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. | 9.9 |
| 2018-08-23 | CVE-2018-3905 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. | 9.9 |
| 2018-08-23 | CVE-2018-3903 | Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. | 9.9 |
| 2018-08-23 | CVE-2018-3902 | Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. | 9.9 |
| 2018-08-23 | CVE-2018-3879 | SQL Injection vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. | 8.8 |
| 2018-08-23 | CVE-2018-3878 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. | 9.9 |
| 2018-08-23 | CVE-2018-3867 | Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. | 9.9 |
| 2018-08-23 | CVE-2018-3863 | Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. | 9.9 |
| 2018-08-03 | CVE-2018-14908 | Cross-Site Request Forgery (CSRF) vulnerability in Samsung Syncthru web Service 4.05.61 Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action. | 8.8 |