Lucene search
K

270 matches found

Tenable Nessus
Tenable Nessus
added 2021/11/11 12:0 a.m.63 views

CentOS 8 : bluez (CESA-2021:4432)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:4432 advisory. - bluez: Passkey Entry protocol of the Bluetooth Core is vulnerable to an impersonation attack CVE-2020-26558 Note that Nessus has not tested for this issue but...

4.3CVSS7AI score0.00872EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/11/09 6:5 p.m.8 views

bluez: Passkey Entry protocol of the Bluetooth Core is vulnerable to an impersonation attack

A vulnerability was found in the bluez, where Passkey Entry protocol used in Secure Simple Pairing SSP, Secure Connections SC and LE Secure Connections LESC of the Bluetooth Core Specification is vulnerable to an impersonation attack where an active attacker can impersonate the initiating device...

4.3CVSS6.6AI score0.00872EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2021/08/08 12:0 a.m.57 views

Debian DSA-4951-1 : bluez - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4951 advisory. Several vulnerabilities were discovered in Bluez, the Linux Bluetooth protocol stack. CVE-2020-26558 / CVE-2021-0129 It was discovered that Bluez does not properl...

8.6CVSS7.7AI score0.04242EPSS
Exploits0References10
Huntr
Huntr
added 2021/07/30 11:12 a.m.9 views

Use of a Broken or Risky Cryptographic Algorithm in hdinnovations/unit3d-community-edition

✍️ Description The referenced code block uses PHP's native md5 and uniqid functions to generate the attributes named passkey and rsskey - both of which are to be considered cryptographically insecure due to their usage of uniqid which is not to be considered cryptographically secure. 🕵️‍♂️ Proof of...

1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/07/23 12:0 a.m.43 views

SUSE SLES12: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2021:2451-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2451-1 advisory. The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixe...

8.3CVSS7.3AI score0.78684EPSS
Exploits36References71
Tenable Nessus
Tenable Nessus
added 2021/07/22 12:0 a.m.151 views

SUSE SLES12: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2021:2422-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2422-1 advisory. The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were...

8.3CVSS7.9AI score0.78684EPSS
Exploits35References44
Tenable Nessus
Tenable Nessus
added 2021/07/22 12:0 a.m.42 views

SUSE SLES15: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2021:2421-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2421-1 advisory. The SUSE Linux Enterprise 15 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were...

8.8CVSS7.8AI score0.78684EPSS
Exploits40References76
Tenable Nessus
Tenable Nessus
added 2021/07/16 12:0 a.m.49 views

openSUSE 15 Security Update : bluez (openSUSE-SU-2021:2291-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2291-1 advisory. - Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to...

5.7CVSS7.1AI score0.00872EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2021/07/13 12:0 a.m.267 views

SUSE SLED15 / SLES15 Security Update : bluez (SUSE-SU-2021:2291-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2291-1 advisory. - CVE-2021-0129,CVE-2020-26558: Check bluetooth security flags bsc1186463. Tenable has extracted the preceding description block...

5.7CVSS7.1AI score0.00872EPSS
Exploits0References6
OSV
OSV
added 2021/06/23 5:11 p.m.8 views

MGASA-2021-0281 Updated bluez packages fix security vulnerability

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...

4.3CVSS5.7AI score0.00872EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2021/06/17 12:0 a.m.56 views

Ubuntu 16.04 ESM : BlueZ vulnerabilities (USN-4989-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4989-2 advisory. USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the precedin...

8.6CVSS7.1AI score0.04242EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2021/06/16 12:0 a.m.70 views

Ubuntu 18.04 LTS / 20.04 LTS : BlueZ vulnerabilities (USN-4989-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4989-1 advisory. It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to...

8.6CVSS7.3AI score0.04242EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2021/06/08 5:0 p.m.64 views

CVE-2020-26558

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...

4.3CVSS6.9AI score0.00872EPSS
Exploits0References12
OSV
OSV
added 2021/06/08 5:0 p.m.2 views

UBUNTU-CVE-2020-26558

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...

4.6CVSS6.9AI score0.00872EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2021/05/26 1:13 p.m.101 views

CVE-2020-26558

A vulnerability was found in the bluez, where Passkey Entry protocol used in Secure Simple Pairing SSP, Secure Connections SC and LE Secure Connections LESC of the Bluetooth Core Specification is vulnerable to an impersonation attack where an active attacker can impersonate the initiating device...

4.3CVSS2.5AI score0.00872EPSS
Exploits0References4
OSV
OSV
added 2021/05/24 6:15 p.m.2 views

DEBIAN-CVE-2020-26558

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...

4.2CVSS6.8AI score0.00872EPSS
Exploits0References1
OSV
OSV
added 2021/05/24 6:15 p.m.38 views

CVE-2020-26558

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...

4.2CVSS6.7AI score
Exploits0References11
Prion
Prion
added 2021/05/24 6:15 p.m.27 views

Authentication flaw

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...

4.3CVSS5.6AI score0.00872EPSS
Exploits0References10Affected Software4
Cvelist
Cvelist
added 2021/05/24 5:22 p.m.33 views

CVE-2020-26558

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...

6.4AI score0.00872EPSS
Exploits0References10
Debian CVE
Debian CVE
added 2021/05/24 5:22 p.m.50 views

CVE-2020-26558

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflection of the public key and the authentication evidence of the initiati...

4.3CVSS7.1AI score0.00872EPSS
Exploits0
Rows per page
Query Builder