MiracleLinux 9 : bluez-5.72-2.el9 (AXSA:2024-9114:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9114:01 advisory. bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution CVE-2023-45866 BlueZ: Audio Profile AVRCP...

RockyLinux 8 : bluez (RLSA-2025:4043)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:4043 advisory. BlueZ: Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability CVE-2023-27349 bluez: audio profile avrcp...

bluez security update

An update is available for bluez. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The bluez packages contain the following utilities for use in Bluetooth...

TencentOS Server 4: bluez (TSSA-2024:0436)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0436 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Alibaba Cloud Linux 3 : 0059: bluez (ALINUX3-SA-2025:0059)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0059 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-27349: BlueZ Audio Profile AVRCP...

AlmaLinux 8 : bluez (ALSA-2025:4043)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:4043 advisory. BlueZ: Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability CVE-2023-27349 bluez: audio profile avrcp...

Updated bluez packages fix security vulnerabilities

BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. CVE-2023-44431 BlueZ Audio Profile AVRCP avrcpparseattributelist Out-Of-Bounds Read Information Disclosure Vulnerability. CVE-2023-51580 BlueZ Audio Profile AVRCP parsemediaelement Out-Of-Bounds Read...

RockyLinux 9 : bluez (RLSA-2024:9413)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:9413 advisory. bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution CVE-2023-45866 BlueZ: Audio Profile AVRCP Improper...

USN-7265-1: BlueZ vulnerabilities

Julian Rauchberger discovered that BlueZ did not correctly handle certain memory operations. An attacker could possibly use this issue to leak sensitive information or execute arbitrary code. CVE-2019-8921, CVE-2019-8922...

Ubuntu 16.04 LTS : BlueZ vulnerabilities (USN-7265-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7265-1 advisory. Julian Rauchberger discovered that BlueZ did not correctly handle certain memory operations. An attacker could possibly use this issue to leak sensitive...

USN-7222-1: BlueZ vulnerabilities

Lucas Leong discovered that BlueZ incorrectly handled the Phone Book Access profile. If a user were tricked into connecting to a malicious Bluetooth device, a remote attacker could possibly use this issue to execute arbitrary code...

Ubuntu 20.04 LTS / 22.04 LTS : BlueZ vulnerabilities (USN-7222-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7222-1 advisory. Lucas Leong discovered that BlueZ incorrectly handled the Phone Book Access profile. If a user were tricked into connecting to a malicious...

RHEL 9 : bluez (RHSA-2024:9413)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9413 advisory. The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, sta...

Debian dla-3879 : bluetooth - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3879 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3879-1 [email protected]...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : BlueZ vulnerabilities (USN-6809-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6809-1 advisory. It was discovered that BlueZ could be made to dereference invalid memory. An attacker could possibly use this issue t...

RHEL 7 : bluez (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - bluez: double free in gatttool client disconnect callback handler in src/shared/att.c could lead to DoS o...

SUSE-SU-2023:0166-1 Security update for bluez

This update for bluez fixes the following issues: - CVE-2022-39176: Fixed a memory safety issue that could allow physically proximate attackers to obtain sensitive information bsc1203121. - CVE-2022-39177: Fixed a memory safety issue that could allow physically proximate attackers to cause a deni...

USN-5481-1 bluez vulnerabilities

It was discovered that BlueZ incorrectly validated certain capabilities and lengths when handling the A2DP profile. A remote attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code...

Ubuntu 16.04 ESM : BlueZ vulnerabilities (USN-4989-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4989-2 advisory. USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the precedin...

USN-4989-1: BlueZ vulnerabilities

It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. CVE-2020-26558 Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT events. A local attacker could use this issue to caus...