Lucene search
+L

169 matches found

redhatcve
redhatcve
added 2025/05/22 7:26 p.m.6 views

CVE-2021-25406

Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information...

6.5CVSS6.8AI score0.00398EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 7:2 p.m.7 views

CVE-2021-1035

In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS7.2AI score0.00122EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 7:0 p.m.7 views

CVE-2021-0586

In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

7.8CVSS7AI score0.00298EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 6:59 p.m.12 views

CVE-2021-0433

In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User...

8CVSS7.1AI score0.00551EPSS
Exploits0References1
nessus
nessus
added 2025/03/05 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2023-51596

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute...

7.1CVSS7.5AI score0.01493EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/02/13 8:37 p.m.8 views

CVE-2024-24860

A race condition was found in the Linux kernel's bluetooth device driver in min,maxkeysizeset function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue...

5.3CVSS6.6AI score0.00805EPSS
Exploits0References1
nvd
nvd
added 2025/01/31 12:15 a.m.11 views

CVE-2024-23963

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists...

8CVSS0.0046EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/01/30 11:57 p.m.9 views

CVE-2024-23963 Alpine Halo9 Stack-based Buffer Overflow

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists...

8CVSS8.8AI score0.0046EPSS
Exploits0References1
osv
osv
added 2025/01/22 2:41 p.m.9 views

USN-7222-1 bluez vulnerabilities

Lucas Leong discovered that BlueZ incorrectly handled the Phone Book Access profile. If a user were tricked into connecting to a malicious Bluetooth device, a remote attacker could possibly use this issue to execute arbitrary code...

8CVSS7.1AI score0.0229EPSS
Exploits0References3
ubuntu
ubuntu
added 2025/01/22 2:41 p.m.13 views

USN-7222-1: BlueZ vulnerabilities

Lucas Leong discovered that BlueZ incorrectly handled the Phone Book Access profile. If a user were tricked into connecting to a malicious Bluetooth device, a remote attacker could possibly use this issue to execute arbitrary code...

8CVSS7.1AI score0.0229EPSS
Exploits0
nessus
nessus
added 2025/01/22 12:0 a.m.15 views

Ubuntu 20.04 LTS / 22.04 LTS : BlueZ vulnerabilities (USN-7222-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7222-1 advisory. Lucas Leong discovered that BlueZ incorrectly handled the Phone Book Access profile. If a user were tricked into connecting to a malicious...

8CVSS7.6AI score0.0229EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/01/13 5:28 a.m.12 views

CVE-2024-57879

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Always release hdev at the end of isolistenbis Since hcigetroute holds the device before returning, the hdev should be released with hcidevput at the end of isolistenbis even if the function returns with an error...

5.5CVSS6.9AI score0.00175EPSS
Exploits0References4
nvd
nvd
added 2025/01/11 3:15 p.m.11 views

CVE-2024-57879

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Always release hdev at the end of isolistenbis Since hcigetroute holds the device before returning, the hdev should be released with hcidevput at the end of isolistenbis even if the function returns with an error...

5.5CVSS0.00175EPSS
Exploits0References2
astralinux
astralinux
added 2024/11/23 3:4 a.m.6 views

Astra Linux – Vulnerability in bluez

BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability, as the target must connect...

8CVSS7.7AI score0.0229EPSS
Exploits0References3
redhat
redhat
added 2024/11/12 9:20 a.m.116 views

bluez: OBEX library out-of-bounds read information disclosure vulnerability

A flaw was found within the handling of OBEX protocol parameters in BlueZ. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a...

5.7CVSS5.6AI score0.00949EPSS
Exploits0References4
redhat
redhat
added 2024/11/12 9:20 a.m.5 views

bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability

A flaw was found within the handling of the Phone Book Access profile in BlueZ. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a...

8CVSS6.1AI score0.0229EPSS
Exploits0References4
cve
cve
added 2024/09/28 6:13 a.m.56 views

CVE-2024-23935

CVE-2024-23935 affects Alpine Halo9. The vulnerability is a stack-based buffer overflow in the DecodeUTF7 function, caused by insufficient validation of user-supplied data length before copying to a stack buffer. It enables remote code execution with root privileges and requires the attacker to p...

8CVSS8.1AI score0.00488EPSS
Exploits0References1Affected Software1
nessus
nessus
added 2024/07/03 12:0 a.m.19 views

CBL Mariner 2.0 Security Update: bluez (CVE-2023-50229)

The version of bluez installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-50229 advisory. - BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This...

8CVSS7.7AI score0.0229EPSS
Exploits0References2
nvd
nvd
added 2024/05/03 3:16 a.m.20 views

CVE-2023-51594

BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a...

5.7CVSS3AI score0.00949EPSS
Exploits0References1
attackerkb
attackerkb
added 2024/05/03 3:16 a.m.3 views

CVE-2023-51596

BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must...

7.1CVSS6.2AI score0.01493EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder