11 matches found
bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution
A flaw was found in the HID Profile in BlueZ that opens doors for unauthorized connections, especially by devices like keyboards, to inject keystrokes without user confirmation. BlueZ lacks proper restrictions on non-bonded devices, creating a risk for attackers that are physically close to injec...
CVE-2023-45866
A flaw was found in the HID Profile in BlueZ that opens doors for unauthorized connections, especially by devices like keyboards, to inject keystrokes without user confirmation. BlueZ lacks proper restrictions on non-bonded devices, creating a risk for attackers that are physically close to injec...
SUSE: Security Advisory (SUSE-SU-2022:3981-1)
The remote host is missing an update for the...
SUSE-SU-2022:3981-1 Security update for bluez
This update for bluez fixes the following issues: - CVE-2021-43400: Fixed use-after-free in gatt-database.c (bsc#1192394). - CVE-2021-3658: Fixed adapter incorrectly restoring discoverable state after powered down (bsc#1188859)...
SUSE-SU-2022:3691-1 Security update for bluez
This update for bluez fixes the following issues: - CVE-2019-8921: Fixed heap-based buffer overflow via crafted request (bsc#1193237). - CVE-2019-8922: Fixed heap-based buffer overflow via crafted request (bsc#1193227). - CVE-2020-26558: Fixed vulnerability that may permit a nearby man-in-the-middle...
SUSE-SU-2022:3687-1 Security update for bluez
This update for bluez fixes the following issues: - CVE-2021-0129: Fixed improper access control (bsc#1186463). - CVE-2020-26558: Fixed vulnerability that may permit a nearby man-in-the-middle attacker to identify the Passkey (bsc#1186463). - CVE-2019-8921: Fixed heap-based buffer overflow via crafted...
Updated bluez packages fix security vulnerability
Updated bluez packages fix security vulnerability: Adapter incorrectly restores Discoverable state after powered down CVE-2021-3658...
MGASA-2021-0395 Updated bluez packages fix security vulnerability
Updated bluez packages fix security vulnerability: Adapter incorrectly restores Discoverable state after powered down CVE-2021-3658...
bluez security vulnerability
BlueZ is a Bluetooth protocol stack written in C. It is primarily used to provide support for the core Bluetooth layers and protocols. A security vulnerability exists in bluez that stems from the fact that bluez's bluetoothd incorrectly saves the discoverable state of the adapter when the device ...
PT-2021-7330 · Bluez +5
Name of the Vulnerable Software and Affected Versions: BlueZ (affected versions not specified). Description: The issue is related to the incorrect saving of the Discoverable status of Bluetooth adapters when a device is powered down, which is then restored when the device is powered on again. If a...
CVE-2018-10910
A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable...