353 matches found
CVE-2024-5754 BT: Encryption procedure host vulnerability
BT: Encryption procedure host vulnerability...
PT-2024-37410 · Unknown · Bt Classic
Name of the Vulnerable Software and Affected Versions: BT:Classic affected versions not specified Description: The issue concerns multiple missing buffer length checks. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-worl...
BPL Medical Technologies PWS-01-BT and BPL Be Well Android Application
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION : Low attack complexity/public exploits are available Vendor : BPL Medical Technologies Equipment : PWS-01-BT, Be Well Android App Vulnerability : Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of...
CLSA-2024-1725876080 kernel: Fix of 44 CVEs
dmaengine: idxd: Fix possible Use-After-Free in irqprocessworklist CVE-2024-40956 - userfaultfd: fix a race between writeprotect and exitmmap CVE-2021-47461 - netfilter: nftables: use timestamp to check for set element timeout CVE-2024-27397 - x86/sev: Harden VC instruction emulation somewhat...
CVE-2024-44939 jfs: fix null ptr deref in dtInsertEntry
In the Linux kernel, the following vulnerability has been resolved: jfs: fix null ptr deref in dtInsertEntry syzbot reported general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 1 PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range...
SUSE SLED15: kernel-firmware / kernel-firmware-all / kernel-firmware-amdgpu / etc (SUSE-SU-2024:2785-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2785-1 advisory. Update to version 20240728: amdgpu: update DMCUB to v0.0.227.0 for DCN35 and DCN351 Revert...
CVE-2024-42137
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Commit 272970be3dab "Bluetooth: hciqca: Fix driver shutdown on closed serdev" will cause below regression issue: BT can't be enabled after below steps: col...
CVE-2024-42137
CVE-2024-42137 concerns a Linux kernel Bluetooth issue for Qualcomm Atheros (QCA6390). The vulnerability stemmed from a regression introduced by commit 272970be3dab, which fixed a use-after-free in qca_serdev_shutdown() but caused Bluetooth enablement to fail after a warm reboot if enable-gpios w...
PT-2024-38075 · WordPress · Bold Page Builder
Name of the Vulnerable Software and Affected Versions: The Bold Page Builder plugin for WordPress versions up to, and including, 5.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's bt bb button shortcode due to insufficient input sanitization and output escapin...
kernel: bluetooth: bt_sock_ioctl race condition leads to use-after-free in bt_sock_recvmsg
A flaw was found in the Bluetooth subsystem of the Linux kernel. A race condition between the btsockrecvmsg and btsockioctl functions could lead to a use-after-free on a socket buffer "skb". This flaw allows a local user to cause a denial of service condition or potential code execution...
CVE-2024-4013 Failure to update BT Mesh Replay Protection List
A bug exists in the API, meshnodepoweroff, which fails to copy the contents of the Replay Protection List RPL from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the versioning...
CVE-2024-4013 Failure to update BT Mesh Replay Protection List
A bug exists in the API, meshnodepoweroff, which fails to copy the contents of the Replay Protection List RPL from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the versioning...
kernel: bluetooth: bt_sock_ioctl race condition leads to use-after-free in bt_sock_recvmsg
A flaw was found in the Bluetooth subsystem of the Linux kernel. A race condition between the btsockrecvmsg and btsockioctl functions could lead to a use-after-free on a socket buffer "skb". This flaw allows a local user to cause a denial of service condition or potential code execution...
PT-2024-20994 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: A SQL injection issue was discovered via the bt id parameter at the "/include/get dict.aspx" API endpoint. This allows for potential exploitation. No information is provided about the estimated...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-6740-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6740-1 advisory. Wei Chen discovered that a race condition existed in the TIPC protocol implementation in the Linux kernel, leading to a null...
SUSE-SU-2024:1025-1 Security update for the Linux Kernel (Live Patch 47 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122173 fixes one issue. The following security issue was fixed: - CVE-2023-51779: Fixed a use-after-free because of a btsockioctl race condition in btsockrecvmsg bsc1218610...
Debian dla-3746 : libwireshark-data - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3746 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3746-1 [email protected]...
Linux Kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux Kernel that stems from a post-release reuse vulnerability contained in btsockrecvmsg...
UBUNTU-CVE-2023-51779
btsockrecvmsg in net/bluetooth/afbluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a btsockioctl race condition...
British LAPSUS$ Teen Members Sentenced for High-Profile Attacks
Two British teens part of the LAPSUS$ cyber crime and extortion gang have been sentenced for their roles in orchestrating a string of high-profile attacks against a number of companies. Arion Kurtaj, an 18-year-old from Oxford, has been sentenced to an indefinite hospital order due to his intent ...