149 matches found
CVE-2022-36829
Summary of findings (CVE-2022-36829) : The vulnerability affects Charm by Samsung, in the releaseAlarm function. It is a PendingIntent hijacking issue that allows local attackers to access files without permission via implicit intents on versions prior to 1.2.3 . The root cause is a flaw in how r...
CVE-2022-36829
PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent...
CVE-2022-33734
Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission...
CVE-2022-33734
CVE-2022-33734 affects Samsung Charm prior to version 1.2.3. The vulnerability is a sensitive information exposure in onCharacteristicChanged that can allow an attacker to obtain Bluetooth connection information without permission. Multiple sources corroborate this description across Red Hat and ...
CVE-2022-33733
Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission...
CVE-2022-33733
CVE-2022-33733 concerns Charm by Samsung prior to version 1.2.3 , where the vulnerability arises from an improper access control in the function onCharacteristicRead . This allows a local attacker to obtain bluetooth connection information without permission, exposing sensitive data. The Red Hat ...
PT-2022-21851 · Samsung · Charm
Name of the Vulnerable Software and Affected Versions: Charm by Samsung versions prior to 1.2.3 Description: The issue allows an attacker to obtain Bluetooth connection information without permission due to sensitive information exposure in the onCharacteristicChanged function. Recommendations: F...
PT-2022-23633 · Samsung · Charm
Name of the Vulnerable Software and Affected Versions: Charm by Samsung versions prior to 1.2.3 Description: The issue allows local attackers to access files without permission via implicit intent, exploiting a PendingIntent hijacking vulnerability in the releaseAlarm function. Recommendations: F...
SAMSUNG Mobile devices 安全漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices from the South Korean company Samsung, including cell phones, tablets, and more. A security vulnerability exists in SAMSUNG Mobile devices Charm versions prior to 1.2.3, which stems from a PendingIntent hijacking vulnerability in...
PT-2022-23640 · Samsung · Charm
Name of the Vulnerable Software and Affected Versions: Charm by Samsung versions prior to 1.2.3 Description: The issue allows attackers to read the connection state without permission due to an unprotected provider vulnerability. Recommendations: For versions prior to 1.2.3, update to version 1.2...
PT-2022-21850 · Samsung · Charm
Name of the Vulnerable Software and Affected Versions: Charm by Samsung versions prior to 1.2.3 Description: The issue allows an attacker to expose sensitive information, specifically bluetooth connection information, without permission through the onCharacteristicRead function. Recommendations:...
SAMSUNG Mobile devices 安全漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices Charm prior to version 1.2.3, which stems from an unprotected program vulnerability that can ...
SAMSUNG Mobile devices 安全漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices Charm versions prior to 1.2.3, which originates from the disclosure of sensitive information ...
SAMSUNG Mobile devices 安全漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices from the South Korean company Samsung SAMSUNG, including cell phones, tablets, and more. A security vulnerability exists in SAMSUNG Mobile devices Charm versions prior to 1.2.3, which stems from a PendingIntent hijacking vulnerability i...
PT-2022-23634 · Samsung · Charm
Name of the Vulnerable Software and Affected Versions: Charm by Samsung versions prior to 1.2.3 Description: The issue allows local attackers to access files without permission via implicit intent, exploiting a PendingIntent hijacking vulnerability in the cancelAlarmManager function...
Server-Side Request Forgery in charm
We've discovered a vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched in https://github.com/charmbracelet/charm/commit/3c90668f955c7ce5ef721e4fc9faee7053232fd3 and is available in...
GHSA-4WPP-W5R4-7V5V Server-Side Request Forgery in charm
We've discovered a vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched in https://github.com/charmbracelet/charm/commit/3c90668f955c7ce5ef721e4fc9faee7053232fd3 and is available in...
Privilege Escalation
github.com/charmbracelet/charm is vulnerable to privilege escalation. The vulnerability exists in the handlePostFile function in http.go due to the lack of sanitization in HTTP requests which allows an attacker to access the server...
CVE-2022-29180
A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...
Design/Logic Flaw
A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...