CVE-2022-39899
published 2022-12-08
CVE-2022-39899: Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen…
Priority P4 | 19 | medium | 4.3 (CVSS 3.1)
AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS: 0.10% (0.9th percentile)
Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen gesture.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| privatebin | privatebin | >= 1.5.0 < 1.7.4 | 1.7.4 |
| samsung_mobile | samsung_mobile_devices | >= Select Q(10), R(11), S(12), T(13) devices < SMR Dec-2022 Release 1 | SMR Dec-2022 Release 1 |
GHSA
PrivateBin allows shortening of URLs for other domains
ghsa·2024-07-10
CVE-2024-39899 [MEDIUM] CWE-305 PrivateBin allows shortening of URLs for other domains
PrivateBin allows shortening of URLs for other domains
In [v1.5](https://github.com/PrivateBin/PrivateBin/blob/master/CHANGELOG.md#15-2022-12-11) we introduced the YOURLS server-side proxy. The idea was to allow using the YOURLS URL shortener without having to run the YOURLS instance without authentication and/or expose the authentication token to the public, either of which would allow anyone to shorten any URL. With the proxy mechanism, anyone can shorten any URL pointing to the configured PrivateBin instance. The vulnerability allowed other URLs to be shortened, as long as they contain the PrivateBin instance, defeating the limit imposed by the proxy.
Neither the confidentiality of existing pastes on the server nor the configuration options including the YOURLS token are affected.
### Impact
This issue onl
GHSA
GHSA-w3mw-7pp7-5rcf: Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S
ghsa_unreviewed·2022-12-08
CVE-2022-39899 [MEDIUM] CWE-287 GHSA-w3mw-7pp7-5rcf: Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S
Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen gesture.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-12-08
Published