Vulnerabilities > Samsung > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-08-28 | CVE-2018-3895 | Classic Buffer Overflow vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 | An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. | 8.8 |
2018-08-27 | CVE-2018-3918 | Improper Enforcement of Message or Data Structure vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 | An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. | 7.5 |
2018-08-27 | CVE-2018-3893 | Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 | An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. | 8.8 |
2018-08-24 | CVE-2018-3909 | HTTP Request Smuggling vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 | An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. | 8.6 |
2018-08-23 | CVE-2018-3911 | HTTP Response Splitting vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 | An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. | 8.6 |
2018-08-23 | CVE-2018-3912 | Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 | On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. | 7.8 |
2018-08-23 | CVE-2018-3879 | SQL Injection vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 | An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. | 8.8 |
2018-08-03 | CVE-2018-14908 | Cross-Site Request Forgery (CSRF) vulnerability in Samsung Syncthru web Service 4.05.61 | Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action. | 8.8 |
2018-03-30 | CVE-2018-9142 | Improper Input Validation vulnerability in Samsung Mobile | On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932. | 7.0 |
2018-03-30 | CVE-2018-9141 | Improper Input Validation vulnerability in Samsung Mobile | On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105. | 7.8 |