CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33734
https://notcve.org/view.php?id=CVE-2022-33734
Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. Una exposición de información confidencial en onCharacteristicChanged en Charm by Samsung versiones anteriores a 1.2.3, permite al atacante obtener información de la conexión bluetooth sin permiso • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08 • CWE-927: Use of Implicit Intent for Sensitive Communication •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33733
https://notcve.org/view.php?id=CVE-2022-33733
Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. Una exposición de información confidencial en onCharacteristicRead en Charm by Samsung versiones anteriores a 1.2.3, permite a un atacante obtener información de la conexión bluetooth sin permiso • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08 • CWE-927: Use of Implicit Intent for Sensitive Communication •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29180 – Charm vulnerable to server-side request forgery (SSRF)
https://notcve.org/view.php?id=CVE-2022-29180
A vulnerability in which attackers could forge HTTP requests to manipulate the `charm` data directory to access or delete anything on the server. This has been patched and is available in release [v0.12.1](https://github.com/charmbracelet/charm/releases/tag/v0.12.1). We recommend that all users running self-hosted `charm` instances update immediately. This vulnerability was found in-house and we haven't been notified of any potential exploiters. ### Additional notes * Encrypted user data uploaded to the Charm server is safe as Charm servers cannot decrypt user data. This includes filenames, paths, and all key-value data. * Users running the official Charm [Docker images](https://github.com/charmbracelet/charm/blob/main/docker.md) are at minimal risk because the exploit is limited to the containerized filesystem. • https://github.com/charmbracelet/charm/commit/3c90668f955c7ce5ef721e4fc9faee7053232fd3 https://github.com/charmbracelet/charm/security/advisories/GHSA-4wpp-w5r4-7v5v • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-37587
https://notcve.org/view.php?id=CVE-2021-37587
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data. En Charm versión 0.43, cualquier usuario puede descifrar datos DAC-MACS o MA-ABE-YJ14 • https://eprint.iacr.org/2020/460 https://github.com/JHUISI/charm/issues/276 https://jhuisi.github.io/charm/_modules/abenc_maabe_yj14.html https://jhuisi.github.io/charm/charm/schemes/abenc/abenc_dacmacs_yj14.html https://www2.hci.uni-hannover.de/papers/Tan2019.pdf • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-37588
https://notcve.org/view.php?id=CVE-2021-37588
In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data. En Charm versión 0.43, dos usuarios cualesquiera pueden confabularse para conseguir la habilidad de descifrar los datos de YCT14 • https://eprint.iacr.org/2020/460 https://github.com/JHUISI/charm/blob/dev/charm/schemes/abenc/abenc_yct14.py https://github.com/JHUISI/charm/issues/276 https://www2.hci.uni-hannover.de/papers/Tan2019.pdf • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •