270 matches found
CentOS 8 : bluez (CESA-2021:4432)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:4432 advisory. - bluez: Passkey Entry protocol of the Bluetooth Core is vulnerable to an impersonation attack CVE-2020-26558 Note that Nessus has not tested for this issue but...
bluez: Passkey Entry protocol of the Bluetooth Core is vulnerable to an impersonation attack
A vulnerability was found in the bluez, where Passkey Entry protocol used in Secure Simple Pairing SSP, Secure Connections SC and LE Secure Connections LESC of the Bluetooth Core Specification is vulnerable to an impersonation attack where an active attacker can impersonate the initiating device...
Debian DSA-4951-1 : bluez - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4951 advisory. Several vulnerabilities were discovered in Bluez, the Linux Bluetooth protocol stack. CVE-2020-26558 / CVE-2021-0129 It was discovered that Bluez does not properl...
Use of a Broken or Risky Cryptographic Algorithm in hdinnovations/unit3d-community-edition
✍️ Description The referenced code block uses PHP's native md5 and uniqid functions to generate the attributes named passkey and rsskey - both of which are to be considered cryptographically insecure due to their usage of uniqid which is not to be considered cryptographically secure. 🕵️♂️ Proof of...
SUSE SLES12: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2021:2451-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2451-1 advisory. The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixe...
SUSE SLES12: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2021:2422-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2422-1 advisory. The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were...
SUSE SLES15: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2021:2421-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2421-1 advisory. The SUSE Linux Enterprise 15 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were...
openSUSE 15 Security Update : bluez (openSUSE-SU-2021:2291-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2291-1 advisory. - Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to...
SUSE SLED15 / SLES15 Security Update : bluez (SUSE-SU-2021:2291-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2291-1 advisory. - CVE-2021-0129,CVE-2020-26558: Check bluetooth security flags bsc1186463. Tenable has extracted the preceding description block...
MGASA-2021-0281 Updated bluez packages fix security vulnerability
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...
Ubuntu 16.04 ESM : BlueZ vulnerabilities (USN-4989-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4989-2 advisory. USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the precedin...
Ubuntu 18.04 LTS / 20.04 LTS : BlueZ vulnerabilities (USN-4989-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4989-1 advisory. It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to...
CVE-2020-26558
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...
UBUNTU-CVE-2020-26558
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...
CVE-2020-26558
A vulnerability was found in the bluez, where Passkey Entry protocol used in Secure Simple Pairing SSP, Secure Connections SC and LE Secure Connections LESC of the Bluetooth Core Specification is vulnerable to an impersonation attack where an active attacker can impersonate the initiating device...
DEBIAN-CVE-2020-26558
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...
CVE-2020-26558
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...
Authentication flaw
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...
CVE-2020-26558
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...
CVE-2020-26558
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...