Lucene search
K

366 matches found

OSV
OSV
added 2021/10/19 11:15 p.m.7 views

CVE-2021-3454

Truncated L2CAP K-frame causes assertion failure. Zephyr versions = 2.4.0, = v.2.50 contain Improper Handling of Length Parameter Inconsistency CWE-130, Reachable Assertion CWE-617. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3...

7.5CVSS7.3AI score0.0093EPSS
Exploits0References1
Cloud Foundry
Cloud Foundry
added 2021/02/10 12:0 a.m.51 views

USN-4680-1: Linux kernel vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that debugfs in the Linux kernel as used by blktrace contained a use-after-free in some situations. A privileged local attacker could possibly use this to cause a denial of service syste...

8.2CVSS7.9AI score0.06692EPSS
Exploits10Affected Software1
Positive Technologies
Positive Technologies
added 2021/01/12 12:0 a.m.4 views

PT-2021-1809 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to an impersonation vulnerability in the Passkey Entry Protocol of the Bluetooth service in Windows operating systems. This vulnerability is associated with...

7.7CVSS6.9AI score0.01208EPSS
Exploits0References11
OpenVAS
OpenVAS
added 2021/01/11 12:0 a.m.36 views

Ubuntu: Security Advisory (USN-4680-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS7.2AI score0.06692EPSS
Exploits10References2
Ubuntu
Ubuntu
added 2021/01/06 3:41 a.m.187 views

USN-4680-1: Linux kernel vulnerabilities

It was discovered that debugfs in the Linux kernel as used by blktrace contained a use-after-free in some situations. A privileged local attacker could possibly use this to cause a denial of service system crash. CVE-2019-19770 It was discovered that a race condition existed in the binder IPC...

8.2CVSS7.2AI score0.06692EPSS
Exploits10
OpenVAS
OpenVAS
added 2020/12/14 12:0 a.m.32 views

Ubuntu: Security Advisory (USN-4658-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.6AI score0.06692EPSS
Exploits7References3
Ubuntu
Ubuntu
added 2020/12/13 10:41 p.m.160 views

USN-4658-2: Linux kernel regression

USN-4658-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem. Original advisory details: It was discovered that a race condition existe...

7.5AI score
Exploits0References1
Ubuntu
Ubuntu
added 2020/12/13 9:0 p.m.177 views

USN-4659-2: Linux kernel regression

USN-4659-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem. Original advisory details: It was discovered that a race condition existe...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/12/13 12:0 a.m.30 views

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel regression (USN-4658-2)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4658-2 advisory. USN-4658-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with...

5.9AI score
Exploits0References1
OpenVAS
OpenVAS
added 2020/12/02 12:0 a.m.37 views

Ubuntu: Security Advisory (USN-4658-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.4AI score0.06692EPSS
Exploits7References2
Tenable Nessus
Tenable Nessus
added 2020/12/02 12:0 a.m.74 views

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4657-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4657-1 advisory. Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attack...

7.8CVSS7.9AI score0.06692EPSS
Exploits11References13
RedHat Linux
RedHat Linux
added 2020/11/04 2:19 a.m.6 views

kernel: Red Hat only CVE-2020-12351 regression

A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on...

8.8CVSS7AI score0.07693EPSS
Exploits5References6
RedHat Linux
RedHat Linux
added 2020/10/20 8:41 a.m.2 views

kernel: net: bluetooth: type confusion while processing AMP packets

A flaw was found in the way the Linux kernel’s Bluetooth implementation handled L2CAP Logical Link Control and Adaptation Protocol packets with A2MP Alternate MAC-PHY Manager Protocol CID Channel Identifier. This flaw allows a remote attacker in an adjacent range to crash the system, causing a...

8.8CVSS7AI score0.07693EPSS
Exploits5References11
RedHat Linux
RedHat Linux
added 2020/10/20 8:32 a.m.6 views

kernel: net: bluetooth: type confusion while processing AMP packets

A flaw was found in the way the Linux kernel’s Bluetooth implementation handled L2CAP Logical Link Control and Adaptation Protocol packets with A2MP Alternate MAC-PHY Manager Protocol CID Channel Identifier. This flaw allows a remote attacker in an adjacent range to crash the system, causing a...

8.8CVSS7AI score0.07693EPSS
Exploits5References11
RedHat Linux
RedHat Linux
added 2020/10/19 5:9 p.m.3 views

kernel: net: bluetooth: type confusion while processing AMP packets

A flaw was found in the way the Linux kernel’s Bluetooth implementation handled L2CAP Logical Link Control and Adaptation Protocol packets with A2MP Alternate MAC-PHY Manager Protocol CID Channel Identifier. This flaw allows a remote attacker in an adjacent range to crash the system, causing a...

8.8CVSS7AI score0.07693EPSS
Exploits5References11
ThreatPost
ThreatPost
added 2020/10/14 1:37 p.m.184 views

Google, Intel Warn on 'Zero-Click' Kernel Bug in Linux-Based IoT Devices

Google and Intel are warning of a high-severity flaw in BlueZ, the Linux Bluetooth protocol stack that provides support for core Bluetooth layers and protocols to Linux-based internet of things IoT devices. Click to Register! According to Google, the vulnerability affects users of Linux kernel...

9AI score0.26869EPSS
Exploits6References13
RedhatCVE
RedhatCVE
added 2020/09/11 5:59 a.m.26 views

CVE-2020-15802

A flaw was found in the bluetooth specification that would allow an attacker within bluetooth radio range to abuse a protocol flaw which could allow key-overwrite in services. Mitigation As the bluetooth module will be auto-loaded when required, its use can be disabled by preventing the module fr...

5.9CVSS1.2AI score0.07137EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2020/05/19 2:25 p.m.64 views

CVE-2020-10135

A flaw was discovered in the Bluetooth protocol affecting the Bluetooth BR/EDR authentication. An attacker with physical access to the Bluetooth connection could perform a spoofing attack impersonating the address of a previously paired remote device. This attack may result in the attacking devic...

4.8CVSS1.9AI score0.02386EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2020/03/31 8:33 p.m.4 views

kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command

A flaw was found in the Linux kernel's implementation of the Bluetooth Human Interface Device Protocol HIDP. A local attacker with access permissions to the Bluetooth device can issue an IOCTL which will trigger the dohidpsockioctl function in net/bluetooth/hidp/sock.c.c. This function can leak...

3.3CVSS7AI score0.00495EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/11/05 8:44 p.m.7 views

hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB)

A flaw was discovered in the Bluetooth protocol. An attacker within physical proximity to the Bluetooth connection could downgrade the encryption protocol to be trivially brute forced...

8.1CVSS7.1AI score0.02691EPSS
Exploits2References4
Rows per page
Query Builder