Skip to main content

Charm

5 CVEs product

Monthly

CVE-2022-33734 MEDIUM This Month

Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Charm
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-33733 LOW Monitor

Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Charm
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-29180 Go CRITICAL PATCH Act Now

A vulnerability in which attackers could forge HTTP requests to manipulate the `charm` data directory to access or delete anything on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Docker Charm
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-37588 MEDIUM This Month

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Charm
NVD GitHub
CVSS 3.1
5.9
EPSS
0.9%
CVE-2021-37587 MEDIUM PATCH This Month

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Charm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
EPSS 0% CVSS 5.5
MEDIUM This Month

Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Charm
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Charm
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability in which attackers could forge HTTP requests to manipulate the `charm` data directory to access or delete anything on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Docker Charm
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM This Month

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Charm
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Charm
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy