Filtered by vendor Samsung
Subscriptions
Filtered by product Smartthings
Subscriptions
Total
16 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30746 | 1 Samsung | 1 Smartthings | 2023-06-29 | 7.5 High |
| Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API. | ||||
| CVE-2022-39868 | 1 Samsung | 1 Smartthings | 2023-06-27 | 7.5 High |
| Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | ||||
| CVE-2022-39867 | 1 Samsung | 1 Smartthings | 2023-06-27 | 7.5 High |
| Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast. | ||||
| CVE-2022-39866 | 1 Samsung | 1 Smartthings | 2023-06-27 | 7.5 High |
| Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | ||||
| CVE-2022-39865 | 1 Samsung | 1 Smartthings | 2023-06-27 | 7.5 High |
| Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | ||||
| CVE-2022-39864 | 1 Samsung | 1 Smartthings | 2023-06-27 | 7.5 High |
| Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent. | ||||
| CVE-2022-39869 | 1 Samsung | 1 Smartthings | 2022-10-11 | 7.5 High |
| Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast. | ||||
| CVE-2022-39870 | 1 Samsung | 1 Smartthings | 2022-10-11 | 7.5 High |
| Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast. | ||||
| CVE-2022-39871 | 1 Samsung | 1 Smartthings | 2022-10-11 | 7.5 High |
| Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts. | ||||
| CVE-2021-25378 | 1 Samsung | 1 Smartthings | 2022-09-23 | 5.3 Medium |
| Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service. | ||||
| CVE-2021-25446 | 1 Samsung | 2 Smartthings, Smartthings Firmware | 2022-09-23 | 5.3 Medium |
| Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview. | ||||
| CVE-2021-25447 | 1 Samsung | 2 Smartthings, Smartthings Firmware | 2022-09-23 | 5.3 Medium |
| Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview. | ||||
| CVE-2022-30749 | 1 Samsung | 1 Smartthings | 2022-06-16 | 7.8 High |
| Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity. | ||||
| CVE-2022-30747 | 1 Samsung | 1 Smartthings | 2022-06-14 | 5.5 Medium |
| PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent. | ||||
| CVE-2021-25508 | 1 Samsung | 1 Smartthings | 2021-11-09 | 9.8 Critical |
| Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation. | ||||
| CVE-2021-25404 | 1 Samsung | 2 Smartthings, Smartthings Firmware | 2021-06-21 | 3.3 Low |
| Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log. | ||||
Page 1 of 1.