15 matches found
EUVD-2022-39530
Malicious code in bioql PyPI...
CVE-2022-36830
PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent...
CVE-2022-29180
A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...
CVE-2021-37588
In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data...
CVE-2022-36836
Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission...
PT-2022-23640 · Samsung · Charm
Name of the Vulnerable Software and Affected Versions: Charm by Samsung versions prior to 1.2.3 Description: The issue allows attackers to read the connection state without permission due to an unprotected provider vulnerability. Recommendations: For versions prior to 1.2.3, update to version 1.2...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices Charm versions prior to 1.2.3, which originates from the disclosure of sensitive information ...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices from the South Korean company Samsung, including cell phones, tablets, and more. A security vulnerability exists in SAMSUNG Mobile devices Charm versions prior to 1.2.3, which stems from a PendingIntent hijacking vulnerability i...
PT-2022-21851 · Samsung · Charm
Name of the Vulnerable Software and Affected Versions: Charm by Samsung versions prior to 1.2.3 Description: The issue allows an attacker to obtain Bluetooth connection information without permission due to sensitive information exposure in the onCharacteristicChanged function. Recommendations: F...
PT-2022-23634 · Samsung · Charm
Name of the Vulnerable Software and Affected Versions: Charm by Samsung versions prior to 1.2.3 Description: The issue allows local attackers to access files without permission via implicit intent, exploiting a PendingIntent hijacking vulnerability in the cancelAlarmManager function...
GHSA-4WPP-W5R4-7V5V Server-Side Request Forgery in charm
We've discovered a vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched in https://github.com/charmbracelet/charm/commit/3c90668f955c7ce5ef721e4fc9faee7053232fd3 and is available in...
Privilege Escalation
github.com/charmbracelet/charm is vulnerable to privilege escalation. The vulnerability exists in the handlePostFile function in http.go due to the lack of sanitization in HTTP requests which allows an attacker to access the server...
CVE-2022-29180 Charm vulnerable to server-side request forgery (SSRF)
A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...
CVE-2022-29180 Charm vulnerable to server-side request forgery (SSRF)
A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...
CVE-2021-37587
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...