CVE-2017-1000251
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, is vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in remote code execution in kernel space...
kernel: stack buffer overflow in the native Bluetooth stack
A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other tha...
Design/Logic Flaw
In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attack...
UBUNTU-CVE-2017-1000251
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, is vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in remote code execution in kernel space...
KB4038782: Windows 10 Version 1607 and Windows Server 2016 September 2017 Cumulative Update
The remote Windows host is missing security update 4038782. It is, therefore, affected by multiple vulnerabilities: - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements...
Windows 7 and Windows Server 2008 R2 September 2017 Security Updates
The remote Windows host is missing security update 4038779 or cumulative update 4038777. It is, therefore, affected by multiple vulnerabilities: - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain...
KB4038783: Windows 10 Version 1511 September 2017 Cumulative Update
The remote Windows host is missing security update 4038783. It is, therefore, affected by multiple vulnerabilities: - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements...
CVE-2017-9212
The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name...
UBUNTU-CVE-2017-0423
An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability in the Bluetooth stack. Product: Android. Versions: 5.0.2, 5.1.1,...
MS11-053: Description of the update for Bluetooth Stack for Windows 7 and Windows Vista Service Pack 2: July 12, 2011
MS11-053: Description of the update for Bluetooth Stack for Windows 7 and Windows Vista Service Pack 2: July 12, 2011 INTRODUCTION Microsoft has released security bulletin MS11-053. To view the complete security bulletin, visit one of the following Microsoft websites: Home users:...
BlueZ Local Buffer Overflow Vulnerability
BlueZ is an official Bluetooth stack for Linux. A local buffer overflow vulnerability exists in BlueZ 5.41 and earlier versions. An attacker could exploit this vulnerability to cause an affected application to crash, resulting in a denial of service or execution of arbitrary code...
UBUNTU-CVE-2016-9918
In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash...
BlueZ buffer overflow vulnerability (CNVD-2016-11951)
BlueZ is an official Bluetooth stack for Linux. A buffer overflow vulnerability exists in the 'set_ext_ctrl' function in the tools/parser/l2cap.c source file of BlueZ version 5.42. An attacker can exploit this vulnerability by running a compromised dump file to cause a denial of service...
BlueZ out-of-bounds read vulnerability (CNVD-2016-11953)
BlueZ is an official Bluetooth stack for Linux. A security vulnerability exists in the 'le_meta_ev_dump' function in the tools/parser/hci.c source file of BlueZ version 5.42. An attacker can exploit this vulnerability to read data out of bounds...
UBUNTU-CVE-2016-9803
In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed...
Toshiba Bluetooth Stack for Windows and Service Station Unquoted Windows Search Path Vulnerability
Toshiba Bluetooth Stack for Windows and Service Station are both products of Toshiba, Japan. Toshiba Bluetooth Stack for Windows is a set of Bluetooth chip drivers for the Windows platform...
CVE-2015-0884
Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32T and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character...
Design/Logic Flaw
Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32T and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character...
CVE-2015-0884
CVE-2015-0884 describes an unquoted Windows search path privilege-escalation vulnerability in Toshiba Bluetooth Stack for Windows (before 9.10.32(T)) and Toshiba Service Station (before 2.2.14). A local attacker can exploit the issue by delivering a Trojan horse application whose name is an initi...