Skip to main content
CVE-2018-3880 CRITICAL POC Act Now

An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.2%
CVE-2018-3872 CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.8%
CVE-2018-3866 CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.5%
CVE-2018-3856 CRITICAL POC Act Now

An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Command Injection Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
3.4%
CVE-2018-3925 CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.0
9.9
EPSS
1.5%
CVE-2018-3919 CRITICAL POC Act Now

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2018-3917 CRITICAL POC Act Now

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2018-3905 CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.5%
CVE-2018-3903 CRITICAL POC Act Now

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.8%
CVE-2018-3902 CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.8%
CVE-2018-3878 CRITICAL POC Act Now

Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.5%
CVE-2018-3867 CRITICAL POC Act Now

An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
2.0%
CVE-2018-3863 CRITICAL POC Act Now

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.7%
CVE-2018-1156 HIGH POC This Week

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Memory Corruption RCE Buffer Overflow Routeros
NVD
CVSS 3.0
8.8
EPSS
7.4%
CVE-2018-3879 HIGH POC This Week

An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2018-15748 HIGH POC This Week

On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell Information Disclosure Brute Force 2335Dn Engine Firmware 2335Dn Network Firmware +1
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-3911 HIGH POC This Week

An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.6
EPSS
1.2%
CVE-2018-15685 HIGH POC PATCH THREAT This Week

GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Electron
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
10.4%
CVE-2018-3912 HIGH POC This Week

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-3833 HIGH POC This Week

An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hub 2245 222 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2018-1159 MEDIUM POC This Month

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Buffer Overflow Routeros
NVD
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-1158 MEDIUM POC This Month

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Routeros
NVD
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-1157 MEDIUM POC This Month

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Routeros
NVD
CVSS 3.0
6.5
EPSS
4.4%
CVE-2018-15808 CRITICAL Act Now

POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Evo
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-14786 CRITICAL Act Now

Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Alaris Gs Firmware Alaris Gh Firmware Alaris Cc Firmware Alaris Tiva Firmware
NVD
CVSS 3.0
9.4
EPSS
3.1%
CVE-2018-3832 CRITICAL Act Now

An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Hub 2245 222 Firmware
NVD
CVSS 3.1
9.0
EPSS
1.7%
CVE-2018-15804 HIGH This Week

An issue was discovered in the MapR File System in MapR Converged Data Platform and MapR-XD 6.x and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Mapr
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-8028 HIGH PATCH This Week

An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Apache Sentry
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-15807 HIGH This Week

POSIM EVO 15.13 for Windows includes an "Emergency Override" administrative account that may be accessed through POSIM's "override" feature. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Evo
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-14797 HIGH This Week

Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Deltav
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2018-14791 HIGH This Week

Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Deltav
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-15822 HIGH PATCH This Week

The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ffmpeg Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2018-1999043 HIGH PATCH This Week

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-6558 MEDIUM PATCH This Month

The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fscrypt
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-1999047 MEDIUM PATCH This Month

A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-1999044 MEDIUM PATCH This Month

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Denial Of Service
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-15809 MEDIUM This Month

AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Modify" permission for files within the installation path. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Accupos
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-1999045 MEDIUM PATCH This Month

A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-1999042 MEDIUM PATCH This Month

A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Deserialization
NVD
CVSS 3.0
5.3
EPSS
1.5%
CVE-2018-1999046 MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure
NVD
CVSS 3.0
4.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy