6 Reasons Security Awareness Programs Go Wrong
From DHS/US-CERT’s National Vulnerability Database
CVE-2018-3907
PUBLISHED: 2018-08-24
An exploitable vulnerability exists in the REST parser of video-core’s HTTP server of the Samsung SmartThings Hub STH-ETH-250 – Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP metho…
CVE-2018-3909
PUBLISHED: 2018-08-24
An exploitable vulnerability exists in the REST parser of video-core’s HTTP server of the Samsung SmartThings Hub STH-ETH-250 – Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP metho…
CVE-2018-15822
PUBLISHED: 2018-08-23
The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure.
CVE-2018-3856
PUBLISHED: 2018-08-23
An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 – Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP…
CVE-2018-3866
PUBLISHED: 2018-08-23
An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core’s HTTP server of Samsung SmartThings Hub STH-ETH-250 – Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on th…