Lucene search
K

854 matches found

OSV
OSV
added 2023/12/22 11:6 a.m.4 views

OESA-2023-1948 bluez security update

This package provides all utilities for use in Bluetooth applications. The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A. Security Fixes: Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and...

6.3CVSS7.2AI score0.07879EPSS
Exploits8References2
Tenable Nessus
Tenable Nessus
added 2023/12/14 12:0 a.m.37 views

Slackware Linux 15.0 / current bluez Vulnerability (SSA:2023-348-01)

The version of bluez installed on the remote host is prior to 5.71. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-348-01 advisory. - Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connectio...

7.1CVSS6.8AI score0.07879EPSS
Exploits8References2
CNNVD
CNNVD
added 2023/12/13 12:0 a.m.2 views

Relyum RELY-PCIe, RELY-REC Security Vulnerabilities

The Relyum RELY-PCIe is an intelligent pluggable board from the Spanish company Relyum. A security vulnerability exists in Relyum RELY-PCIe version 22.2.1, RELY-REC version 23.1.0, which originates from not checking the current password, which could result in the password being changed...

9.8CVSS6.9AI score0.00706EPSS
Exploits0References2
OSV
OSV
added 2023/12/08 6:15 a.m.8 views

AZL-32161 CVE-2023-45866 affecting package bluez for versions less than 5.63-5

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such...

6.3CVSS6.6AI score0.07879EPSS
Exploits8References1
NVD
NVD
added 2023/12/08 6:15 a.m.31 views

CVE-2023-45866

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such...

6.3CVSS0.07879EPSS
Exploits8References15
CVE
CVE
added 2023/12/08 12:0 a.m.692 views

CVE-2023-45866

CVE-2023-45866 affects BlueZ Bluetooth HID Hosts. The description states that an unauthenticated Peripheral role HID Device could initiate, establish an encrypted connection, and send HID keyboard reports, potentially injecting HID messages when there is no user interaction in the Central role to...

6.3CVSS6.9AI score0.07879EPSS
Exploits8References15Affected Software1
Cvelist
Cvelist
added 2023/12/08 12:0 a.m.26 views

CVE-2023-45866

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such...

7AI score0.07879EPSS
Exploits8References13
Tenable Nessus
Tenable Nessus
added 2023/12/08 12:0 a.m.26 views

Fedora 39 : bluez (2023-6a3fe615d3)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-6a3fe615d3 advisory. Install default input.conf/network.conf Add mitigation for CVE-2023-45866 Tenable has extracted the preceding description block directly from the Fedora...

6.3CVSS6.8AI score0.07879EPSS
Exploits8References2
UbuntuCve
UbuntuCve
added 2023/12/06 12:0 a.m.86 views

CVE-2023-45866

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such...

6.3CVSS6.9AI score0.07879EPSS
Exploits8References3
RedHat Linux
RedHat Linux
added 2023/11/21 11:31 a.m.2 views

kernel: EDAC/i10nm: fix refcount leak in pci_get_dev_wrapper()

In the Linux kernel, the following vulnerability has been resolved: EDAC/i10nm: fix refcount leak in pcigetdevwrapper As the comment of pcigetdomainbusandslot says, it returns a PCI device with refcount incremented, so it doesn't need to call an extra pcidevget in pcigetdevwrapper, and the PCI...

6.8AI score0.00173EPSS
Exploits0References5
OSV
OSV
added 2023/11/14 7:15 p.m.2 views

CVE-2023-20521

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service...

5.7CVSS5.8AI score0.00257EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/11/14 12:0 a.m.5 views

PT-2023-12738 · Unknown +1 · System Management Mode +1

Name of the Vulnerable Software and Affected Versions: System Management Mode SMM affected versions not specified Description: The issue is related to improper access control in System Management Mode SMM, which may allow an attacker to write to SPI ROM, potentially leading to arbitrary code...

9.8CVSS7.8AI score0.00989EPSS
Exploits0References9
CNNVD
CNNVD
added 2023/11/14 12:0 a.m.4 views

AMD System Management Mode Security Vulnerability

AMD System Management Mode is a system management mode from Ultraviolet Semiconductor AMD. A CPU execution mode. A security vulnerability exists in AMD System Management Mode that stems from improper access control in System Management Mode SMM that could allow an attacker to write to the SPI ROM...

9.8CVSS7.8AI score0.00989EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/11/10 12:0 a.m.5 views

PT-2024-14722

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Linux kernel where a synchronous transfer can be active during a system suspend, causing a null pointer dereference exception when the system resumes. This...

4.7CVSS5.9AI score0.00181EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/11/07 9:3 a.m.4 views

kernel: PCI: Fix use-after-free in pci_bus_release_domain_nr()

A use-after-free exists in the linux kernel such that The kernel frees the struct pcibus in pciremovebus via releasepcibusdev. After the structure is freed, a callback pcibusreleasedomainnr accesses that freed memory, leading to damage to system availability...

7.8CVSS7.4AI score0.00176EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/11/07 9:3 a.m.6 views

kernel: iommu/amd: Fix pci device refcount leak in ppr_notifier()

A reference counting violation was found in the Linux kernel's AMD IOMMU PPR Peripheral Page Request notification handler. When the handler looks up PCI devices using pcigetdomainbusandslot, it receives a reference-counted device pointer but never releases that reference before returning. This...

5.5CVSS7.2AI score0.0015EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/11/07 9:3 a.m.5 views

kernel: Linux kernel: Denial of Service due to PCI device reference count leak

A flaw was found in the Linux kernel. A local low-privileged user could exploit a reference count leak in the drm/amdgpu component. This vulnerability, related to how PCI Peripheral Component Interconnect devices are managed, could lead to a Denial of Service DoS by exhausting system resources...

5.7AI score0.002EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/11/07 9:3 a.m.3 views

kernel: PCI: Fix dropping valid root bus resources with .end = zero

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix dropping valid root bus resources with .end = zero On r8a7791/koelsch: kmemleak: 1 new suspected memory leaks see /sys/kernel/debug/kmemleak cat /sys/kernel/debug/kmemleak unreferenced object 0xc3a34e00 size 64: comm...

5.6AI score0.00156EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/11/02 12:0 a.m.10 views

The vulnerability in the interface for connecting peripheral devices via USB browsers like Google Chrome allows a hacker to execute arbitrary code.

The vulnerability of the interface for connecting peripheral devices via USB in Google Chrome browsers is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code through a specially created web page...

10CVSS8.1AI score0.07094EPSS
Exploits0References12Affected Software4
Positive Technologies
Positive Technologies
added 2023/09/17 12:0 a.m.2 views

PT-2023-8495 · Xen +3 · Xen +3

Name of the Vulnerable Software and Affected Versions: Xen affected versions not specified Description: The issue is related to the functionality of phantom functions in PCI devices, which can generate requests using the IDs of unpopulated functions, allowing a device to extend the number of...

6.5CVSS6.4AI score0.00805EPSS
Exploits0References79
Rows per page
Query Builder