Lucene search
K

149 matches found

CVE
CVE
added 2022/08/05 3:16 p.m.72 views

CVE-2022-36829

Summary of findings (CVE-2022-36829) : The vulnerability affects Charm by Samsung, in the releaseAlarm function. It is a PendingIntent hijacking issue that allows local attackers to access files without permission via implicit intents on versions prior to 1.2.3 . The root cause is a flaw in how r...

6.2CVSS5.3AI score0.00169EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/05 3:16 p.m.24 views

CVE-2022-36829

PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent...

6.2CVSS6.4AI score0.00169EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/08/05 3:16 p.m.19 views

CVE-2022-33734

Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission...

6.2CVSS6.4AI score0.00178EPSS
Exploits0References1
CVE
CVE
added 2022/08/05 3:16 p.m.58 views

CVE-2022-33734

CVE-2022-33734 affects Samsung Charm prior to version 1.2.3. The vulnerability is a sensitive information exposure in onCharacteristicChanged that can allow an attacker to obtain Bluetooth connection information without permission. Multiple sources corroborate this description across Red Hat and ...

6.2CVSS5.3AI score0.00178EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/05 3:16 p.m.20 views

CVE-2022-33733

Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission...

6.2CVSS6.4AI score0.00173EPSS
Exploits0References1
CVE
CVE
added 2022/08/05 3:16 p.m.57 views

CVE-2022-33733

CVE-2022-33733 concerns Charm by Samsung prior to version 1.2.3 , where the vulnerability arises from an improper access control in the function onCharacteristicRead . This allows a local attacker to obtain bluetooth connection information without permission, exposing sensitive data. The Red Hat ...

6.2CVSS4AI score0.00173EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/08/05 12:0 a.m.5 views

PT-2022-21851 · Samsung · Charm

Name of the Vulnerable Software and Affected Versions: Charm by Samsung versions prior to 1.2.3 Description: The issue allows an attacker to obtain Bluetooth connection information without permission due to sensitive information exposure in the onCharacteristicChanged function. Recommendations: F...

6.2CVSS5.3AI score0.00178EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/08/05 12:0 a.m.4 views

PT-2022-23633 · Samsung · Charm

Name of the Vulnerable Software and Affected Versions: Charm by Samsung versions prior to 1.2.3 Description: The issue allows local attackers to access files without permission via implicit intent, exploiting a PendingIntent hijacking vulnerability in the releaseAlarm function. Recommendations: F...

6.2CVSS5.3AI score0.00169EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/08/05 12:0 a.m.5 views

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices from the South Korean company Samsung, including cell phones, tablets, and more. A security vulnerability exists in SAMSUNG Mobile devices Charm versions prior to 1.2.3, which stems from a PendingIntent hijacking vulnerability in...

6.2CVSS5.8AI score0.00169EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/08/05 12:0 a.m.6 views

PT-2022-23640 · Samsung · Charm

Name of the Vulnerable Software and Affected Versions: Charm by Samsung versions prior to 1.2.3 Description: The issue allows attackers to read the connection state without permission due to an unprotected provider vulnerability. Recommendations: For versions prior to 1.2.3, update to version 1.2...

6.2CVSS5.4AI score0.00178EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/08/05 12:0 a.m.5 views

PT-2022-21850 · Samsung · Charm

Name of the Vulnerable Software and Affected Versions: Charm by Samsung versions prior to 1.2.3 Description: The issue allows an attacker to expose sensitive information, specifically bluetooth connection information, without permission through the onCharacteristicRead function. Recommendations:...

6.2CVSS4AI score0.00173EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/08/05 12:0 a.m.4 views

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices Charm prior to version 1.2.3, which stems from an unprotected program vulnerability that can ...

6.2CVSS5.8AI score0.00178EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/05 12:0 a.m.5 views

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices Charm versions prior to 1.2.3, which originates from the disclosure of sensitive information ...

6.2CVSS5.8AI score0.00178EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/05 12:0 a.m.4 views

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices from the South Korean company Samsung SAMSUNG, including cell phones, tablets, and more. A security vulnerability exists in SAMSUNG Mobile devices Charm versions prior to 1.2.3, which stems from a PendingIntent hijacking vulnerability i...

6.2CVSS5.8AI score0.00169EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/08/05 12:0 a.m.9 views

PT-2022-23634 · Samsung · Charm

Name of the Vulnerable Software and Affected Versions: Charm by Samsung versions prior to 1.2.3 Description: The issue allows local attackers to access files without permission via implicit intent, exploiting a PendingIntent hijacking vulnerability in the cancelAlarmManager function...

6.2CVSS5.3AI score0.00169EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/24 8:55 p.m.51 views

Server-Side Request Forgery in charm

We've discovered a vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched in https://github.com/charmbracelet/charm/commit/3c90668f955c7ce5ef721e4fc9faee7053232fd3 and is available in...

9.8CVSS8.8AI score0.00745EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/24 8:55 p.m.20 views

GHSA-4WPP-W5R4-7V5V Server-Side Request Forgery in charm

We've discovered a vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched in https://github.com/charmbracelet/charm/commit/3c90668f955c7ce5ef721e4fc9faee7053232fd3 and is available in...

9.8CVSS7.5AI score0.00745EPSS
Exploits0References4
Veracode
Veracode
added 2022/05/09 7:15 a.m.22 views

Privilege Escalation

github.com/charmbracelet/charm is vulnerable to privilege escalation. The vulnerability exists in the handlePostFile function in http.go due to the lack of sanitization in HTTP requests which allows an attacker to access the server...

9.8CVSS2.8AI score0.00745EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/05/07 4:15 a.m.32 views

CVE-2022-29180

A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...

9.8CVSS0.00745EPSS
Exploits0References2
Prion
Prion
added 2022/05/07 4:15 a.m.20 views

Design/Logic Flaw

A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...

7.5CVSS9.3AI score0.00745EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder