Total
10964 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3912 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. The strcpy call overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability. | |||||
| CVE-2018-3906 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
| An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2018-3904 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2018-3903 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The memcpy call overflows the destination buffer, which has a size of 512 bytes. An attacker can send an arbitrarily long "url" value in order to overwrite the saved-PC with 0x42424242. | |||||
| CVE-2018-3902 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the URL field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2018-3893 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2018-3889 | 1 Pl32 | 1 Photoline | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. | |||||
| CVE-2018-3888 | 1 Pl32 | 1 Photoline | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. | |||||
| CVE-2018-3887 | 1 Pl32 | 1 Photoline | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. | |||||
| CVE-2018-3886 | 1 Pl32 | 1 Photoline | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. | |||||
| CVE-2018-3880 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2018-3871 | 1 Acdsystems | 1 Canvas Draw | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3870. | |||||
| CVE-2018-3870 | 1 Acdsystems | 1 Canvas Draw | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3871. | |||||
| CVE-2018-3868 | 1 Computer-insel | 1 Photoline | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. | |||||
| CVE-2018-3867 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly handles the answer received from a smart camera, leading to a buffer overflow on the stack. An attacker can send a series of HTTP requests to trigger this vulnerability. | |||||
| CVE-2018-3866 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strcpy at [8] overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long 'callbackUrl' value in order to exploit this vulnerability. | |||||
| CVE-2018-3863 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. A strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "user" value in order to exploit this vulnerability. | |||||
| CVE-2018-3862 | 1 Computer-insel | 1 Photoline | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting | |||||
| CVE-2018-3861 | 1 Computer-insel | 1 Photoline | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. | |||||
| CVE-2018-3860 | 1 Acdsystems | 1 Canvas Draw | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain the ability to execute code. A different vulnerability than CVE-2018-3859. | |||||