CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33734
https://notcve.org/view.php?id=CVE-2022-33734
05 Aug 2022 — Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. Una exposición de información confidencial en onCharacteristicChanged en Charm by Samsung versiones anteriores a 1.2.3, permite al atacante obtener información de la conexión bluetooth sin permiso • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08 • CWE-927: Use of Implicit Intent for Sensitive Communication •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33733
https://notcve.org/view.php?id=CVE-2022-33733
05 Aug 2022 — Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. Una exposición de información confidencial en onCharacteristicRead en Charm by Samsung versiones anteriores a 1.2.3, permite a un atacante obtener información de la conexión bluetooth sin permiso • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08 • CWE-927: Use of Implicit Intent for Sensitive Communication •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29180 – Charm vulnerable to server-side request forgery (SSRF)
https://notcve.org/view.php?id=CVE-2022-29180
07 May 2022 — A vulnerability in which attackers could forge HTTP requests to manipulate the `charm` data directory to access or delete anything on the server. This has been patched and is available in release [v0.12.1](https://github.com/charmbracelet/charm/releases/tag/v0.12.1). We recommend that all users running self-hosted `charm` instances update immediately. This vulnerability was found in-house and we haven't been notified of any potential exploiters. ### Additional notes * Encrypted user data uploaded to the Cha... • https://github.com/charmbracelet/charm/commit/3c90668f955c7ce5ef721e4fc9faee7053232fd3 • CWE-918: Server-Side Request Forgery (SSRF) •