Filtered by vendor Samsung
Subscriptions
Total
1082 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-3874 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-17 | 9.9 Critical |
| An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to exploit this vulnerability. | ||||
| CVE-2018-3926 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-17 | 5.5 Medium |
| An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2012-3290 | 3 Acer, Google, Samsung | 6 Ac700 Chromebook, Chrome Os, Cr-48 Chromebook and 3 more | 2024-09-17 | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 20.0.1132.22 on the Acer AC700; Samsung Series 5, 5 550, and Chromebox 3; and Cr-48 Chromebook platforms have unknown impact and attack vectors. | ||||
| CVE-2018-3919 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 9.9 Critical |
| An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely extracts the fields from the "clips" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send a series of HTTP requests to trigger this vulnerability. | ||||
| CVE-2013-3585 | 1 Samsung | 2 Dvr, Smart Viewer | 2024-09-16 | N/A |
| Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup web page. | ||||
| CVE-2018-3907 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 10.0 Critical |
| An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'on_url' callback. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2012-6337 | 1 Samsung | 4 Galaxy Note 2, Galaxy S, Galaxy S2 and 1 more | 2024-09-16 | N/A |
| The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data. | ||||
| CVE-2018-3915 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 8.2 High |
| An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability. | ||||
| CVE-2013-3964 | 1 Samsung | 2 Shr-5082, Shr-5162 | 2024-09-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Samsung SHR-5162, SHR-5082, and possibly other models, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | ||||
| CVE-2018-3897 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 8.8 High |
| An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "callbackUrl" value in order to exploit this vulnerability. | ||||
| CVE-2018-3872 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 9.9 Critical |
| An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts the videoHostUrl field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2018-3925 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | N/A |
| An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely parses the AWSELB cookie while communicating with remote video-host servers, leading to a buffer overflow on the heap. An attacker able to impersonate the remote HTTP servers could trigger this vulnerability. | ||||
| CVE-2018-3904 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 9.9 Critical |
| An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2018-3873 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 9.9 Critical |
| An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability. | ||||
| CVE-2011-4719 | 3 Acer, Google, Samsung | 4 Ac700 Chromebook, Chrome Os, Cr-48 Chromebook and 1 more | 2024-09-16 | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.63 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. | ||||
| CVE-2012-6422 | 2 Meizu, Samsung | 3 Mx, Galaxy Note 2, Galaxy S2 | 2024-09-16 | N/A |
| The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse. | ||||
| CVE-2017-17860 | 2 Google, Samsung | 3 Android, Gear S2, Gear S3 | 2024-09-16 | N/A |
| In Samsung Gear products, Bluetooth link key is updated to the different key which is same with attacker's link key. It can be attacked without user's intention only if attacker can reveal the Bluetooth address of target device and paired user's smartphone | ||||
| CVE-2018-3916 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 7.8 High |
| An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 136 bytes. An attacker can send an arbitrarily long 'directory' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2018-3911 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 8.6 High |
| An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, leading to partially controlled requests generated toward the internal video-core process. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2018-3902 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 9.9 Critical |
| An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the URL field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | ||||