Astra Linux - vulnerability in bluez
Bluetooth HID Hosts in BlueZ may allow an unauthenticated peripheral role HID device to initiate and establish an encrypted connection, and to accept HID keyboard reports. This could potentially allow the injection of HID messages when no user interaction has occurred in the Central role, thereby...
Linux Distros Unpatched Vulnerability : CVE-2026-43051
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq The wacom_intuos_bt_irq function processes Bluetooth HID reports without sufficient bounds checking. A...
CVE-2026-43051 HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq
In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq The wacom_intuos_bt_irq function processes Bluetooth HID reports without sufficient bounds checking. A maliciously crafted short report can trigger an out-of-bounds read when...
PT-2026-36468
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The wacom_intuos_bt_irq function processes Bluetooth HID reports without sufficient bounds checking. A maliciously crafted short report can trigger an out-of-bounds read—a condition wher...
CVE-2024-34730
In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-63896
An issue in the Bluetooth Human Interface Device HID of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to inject arbitrary keystrokes via a spoofed Bluetooth HID device...
JXL 9 Inch Car Android Double Din Player security vulnerability
JXL 9 Inch Car Android Double Din Player is an in-car infotainment system from JXL. A security vulnerability exists in JXL 9 Inch Car Android Double Din Player version v12.0, which stems from a Bluetooth HID device that is susceptible to arbitrary keystroke injection attacks...
PT-2025-49137
Name of the Vulnerable Software and Affected Versions: JXL 9 Inch Car Android Double Din Player, Android version 12.0. Description: An issue exists in the Bluetooth Human Interface Device HID of the affected product that allows attackers to inject arbitrary keystrokes by using a spoofed Bluetooth HID...
CVE-2025-63896
Technical details (affected components, versions, exploit specifics) for CVE-2025-63896 are not publicly available in the supplied documents. Monitor for updates from vendors and security feeds.
TencentOS Server 4: bluez (TSSA-2024:0357)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0357 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
NewStart CGSL MAIN 7.02 : bluez Vulnerability (NS-SA-2025-0149)
The remote NewStart CGSL host, running version MAIN 7.02, has bluez packages installed that are affected by a vulnerability: - Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports,...
Azure Linux 3.0 Security Update: bluez (CVE-2023-45866)
The version of bluez installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45866 advisory. - Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establi...
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection and accept HID keyboard reports potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
...
Debian DSA-5584-1 : bluez - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5584 advisory. It was reported that BlueZ's HID profile implementation is not in line with the HID specification, which mandates the use of Security Mode 4. The HID profile...
MGASA-2023-0353 Updated bluez packages fix a security vulnerability
This update fixes the following security issue. Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has...
Debian dla-3689 : bluetooth - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3689 advisory. Debian LTS Advisory DLA-3689-1 https://www.debian.org/lts/security/...
Slackware Linux 15.0 / current bluez Vulnerability (SSA:2023-348-01)
The version of bluez installed on the remote host is prior to 5.71. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-348-01 advisory. - Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connectio...
macOS 14.x < 14.2 Multiple Vulnerabilities (HT214036)
The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.2. It is, therefore, affected by multiple vulnerabilities: - Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via...