Filtered by vendor Samsung
Subscribe
Total
1299 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3875 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy overflows the destination buffer, which has a size of 2,000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to exploit this vulnerability. | |||||
| CVE-2018-3874 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to exploit this vulnerability. | |||||
| CVE-2018-3873 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability. | |||||
| CVE-2018-3872 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts the videoHostUrl field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2018-3867 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly handles the answer received from a smart camera, leading to a buffer overflow on the stack. An attacker can send a series of HTTP requests to trigger this vulnerability. | |||||
| CVE-2018-3866 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strcpy at [8] overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long 'callbackUrl' value in order to exploit this vulnerability. | |||||
| CVE-2018-3865 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "cameraIp" value in order to exploit this vulnerability. | |||||
| CVE-2018-3864 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "password" value in order to exploit this vulnerability. | |||||
| CVE-2018-3863 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. A strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "user" value in order to exploit this vulnerability. | |||||
| CVE-2018-3856 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this vulnerability. | |||||
| CVE-2018-21076 | 2 Google, Samsung | 3 Android, Exynos 8890, Exynos 8895 | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8890/8895 chipsets) software. There is information disclosure (a KASLR offset) in the Secure Driver via a modified trustlet. The Samsung ID is SVE-2017-10987 (April 2018). | |||||
| CVE-2018-21073 | 2 Google, Samsung | 6 Android, Galaxy S8, Galaxy S8\+ and 3 more | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8). There is access to Clipboard content in the locked state via the Edge panel. The Samsung ID is SVE-2017-10748 (May 2018). | |||||
| CVE-2018-21058 | 2 Google, Samsung | 4 Android, Exynos 7420, Exynos 8890 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.0), O(8.0) (exynos7420 or Exynos 8890/8996 chipsets) software. Cache attacks can occur against the Keymaster AES-GCM implementation because T-Tables are used; the Cryptography Extension (CE) is not used. The Samsung ID is SVE-2018-12761 (September 2018). | |||||
| CVE-2018-21054 | 5 Google, Mediatek, Qualcomm and 2 more | 14 Android, M6737t, Msm8909 and 11 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with M(6.0), N(7.x) and O(8.x) except exynos9610/9820 in all Platforms, M(6.0) except MSM8909 SC77xx/9830 exynos3470/5420, N(7.0) except MSM8939, N(7.1) except MSM8996 SDM6xx/M6737T software. There is an integer underflow with a resultant buffer overflow in eCryptFS. The Samsung ID is SVE-2017-11857 (September 2018). | |||||
| CVE-2018-21043 | 2 Google, Samsung | 2 Android, Exynos 9810 | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is information disclosure about a kernel pointer in the g2d_drv driver because of logging. The Samsung ID is SVE-2018-13035 (December 2018). | |||||
| CVE-2018-21040 | 2 Google, Samsung | 2 Android, Exynos 9810 | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is a race condition with a resultant use-after-free in the g2d driver. The Samsung ID is SVE-2018-12959 (December 2018). | |||||
| CVE-2018-20135 | 1 Samsung | 1 Galaxy Apps | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack. An attacker may trick Galaxy Apps into using an arbitrary hostname for which the attacker can provide a valid SSL certificate, and emulate the API of the app store to modify existing apps at installation time. The specific flaw involves an HTTP method to obtain the load-balanced hostname that enforces SSL only after obtaining a hostname from the load balancer, and a missing app signature validation in the application XML. An attacker can exploit this vulnerability to achieve Remote Code Execution on the device. The Samsung ID is SVE-2018-12071. | |||||
| CVE-2018-17969 | 1 Samsung | 2 Scx-6545x, Scx-6545x Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote attackers to discover cleartext credentials via iso.3.6.1.4.1.236.11.5.11.81.10.1.5.0 and iso.3.6.1.4.1.236.11.5.11.81.10.1.6.0 SNMP requests. | |||||
| CVE-2018-16272 | 1 Samsung | 20 Galaxy Gear, Galaxy Gear Firmware, Gear 2 and 17 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | |||||
| CVE-2018-16271 | 1 Samsung | 20 Galaxy Gear, Galaxy Gear Firmware, Gear 2 and 17 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user's mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. | |||||