Filtered by vendor Samsung
Total: 69 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3866 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2018-10-29 | 9.0 HIGH | 9.9 CRITICAL |
| An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strcpy at [8] overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long 'callbackUrl' value in order to exploit this vulnerability. | |||||
| CVE-2018-3872 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2018-10-29 | 9.0 HIGH | 9.9 CRITICAL |
| An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts the videoHostUrl field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2018-3863 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2018-10-26 | 9.0 HIGH | 9.9 CRITICAL |
| On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. A strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "user" value in order to exploit this vulnerability. | |||||
| CVE-2018-3903 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2018-10-26 | 9.0 HIGH | 9.9 CRITICAL |
| On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The memcpy call overflows the destination buffer, which has a size of 512 bytes. An attacker can send an arbitrarily long "url" value in order to overwrite the saved-PC with 0x42424242. | |||||
| CVE-2018-3878 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2018-10-26 | 9.0 HIGH | 9.9 CRITICAL |
| Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. A strncpy overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long "region" value in order to exploit this vulnerability. | |||||
| CVE-2018-3902 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2018-10-26 | 9.0 HIGH | 9.9 CRITICAL |
| An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the URL field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2018-3917 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2018-10-26 | 9.0 HIGH | 9.9 CRITICAL |
| On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The strcpy call overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long "region" value in order to exploit this vulnerability. | |||||
| CVE-2018-3925 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2018-10-26 | 9.0 HIGH | 9.9 CRITICAL |
| An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely parses the AWSELB cookie while communicating with remote video-host servers, leading to a buffer overflow on the heap. An attacker able to impersonate the remote HTTP servers could trigger this vulnerability. | |||||
| CVE-2018-3905 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2018-10-22 | 9.0 HIGH | 9.9 CRITICAL |
| An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the "state" field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2018-9139 | 1 Samsung | 1 Samsung Mobile | 2018-04-19 | 10.0 HIGH | 9.8 CRITICAL |
| On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165. | |||||
| CVE-2015-1801 | 1 Samsung | 2 Galaxy S4, Galaxy S4 Firmware | 2017-08-29 | 10.0 HIGH | 9.8 CRITICAL |
| The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges. | |||||
| CVE-2015-5473 | 1 Samsung | 1 Syncthru 6 | 2017-06-12 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver. | |||||
| CVE-2016-2566 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2017-04-21 | 7.5 HIGH | 9.8 CRITICAL |
| Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081. | |||||
| CVE-2015-5729 | 1 Samsung | 21 M288ofw, M288ofw Firmware, Nt14u Cn and 18 more | 2017-04-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generates weak WPA2 PSK keys, which makes it easier for remote attackers to obtain sensitive information or bypass authentication via a brute-force attack. | |||||
| CVE-2017-5538 | 1 Samsung | 1 Samsung Mobile | 2017-03-28 | 10.0 HIGH | 9.8 CRITICAL |
| The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka SVE-2016-6362. | |||||
| CVE-2016-9965 | 1 Samsung | 1 Samsung Mobile | 2016-12-22 | 10.0 HIGH | 9.8 CRITICAL |
| Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7119. | |||||
| CVE-2016-9967 | 1 Samsung | 1 Samsung Mobile | 2016-12-22 | 10.0 HIGH | 9.8 CRITICAL |
| Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7121. | |||||
| CVE-2016-9966 | 1 Samsung | 1 Samsung Mobile | 2016-12-22 | 10.0 HIGH | 9.8 CRITICAL |
| Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7120. | |||||
| CVE-2016-7990 | 2 Google, Samsung | 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more | 2016-12-02 | 10.0 HIGH | 9.8 CRITICAL |
| On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542. | |||||
