28 matches found
[SECURITY] Fedora 42 Update: golang-github-tetratelabs-wazero-1.11.0-1.fc42
WebAssembly is a way to safely run code compiled in other languages. Runtimes execute WebAssembly Modules Wasm, which are most often binaries with a .wasm extension. wazero is a WebAssembly Core Specification 1.0 and 2.0 compliant runtime written in Go. It has zero dependencies, and doesn't rely ...
Bluetooth Core Specification 安全漏洞
The Bluetooth Core Specification is a specification for Bluetooth. It defines the technical building blocks used by developers to create the interoperable devices that make up the thriving Bluetooth ecosystem. Overseen by the Bluetooth Special Interest Group SIG and regularly updated and enhanced...
CVE-2023-24023
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS...
The vulnerability in the implementation of the Bluetooth Classic protocol, as specified in the Bluetooth Core Specification, allows a perpetrator to disclose protected information.
The vulnerability of the Bluetooth Classic protocol implementation, as described in the Bluetooth Core Specification, is related to insufficient protection of service data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
CVE-2022-24695
Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with...
PT-2023-3480 · Unknown · Bluetooth Core Specification
Name of the Vulnerable Software and Affected Versions: Bluetooth Core Specification versions through 5.3 Description: The issue is related to Bluetooth Classic in the Bluetooth Core Specification, where device information for Bluetooth transceivers in Non-Discoverable mode is not properly...
Bluetooth Core Specification 安全漏洞
The Bluetooth Core Specification is a specification. Defines the technical building blocks used by developers to create the interoperable devices that make up the thriving Bluetooth ecosystem. It is overseen by the Bluetooth Special Interest Group SIG and regularly updated and enhanced by the...
CVE-2022-24695
CVE-2022-24695 concerns Bluetooth Classic in the Bluetooth Core Specification up to version 5.3, where device information for transceivers in Non-Discoverable mode is not properly concealed. An over-the-air attack could efficiently extract the permanent Bluetooth MAC identifier and device capabil...
CVE-2022-24695
Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with...
CVE-2022-25836
Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing...
CVE-2022-25836
CVE-2022-25836 affects Bluetooth Low Energy Pairing in Bluetooth Core Specification v4.0–v5.3. An unauthenticated MITM can exploit two pairing devices with adjacent access by negotiating Legacy Passkey Pairing (Initiator) and Secure Connections Passkey Pairing (Responder), then brute-forcing the ...
PT-2022-5922
Name of the Vulnerable Software and Affected Versions Bluetooth Core Specification versions 4.0 through 5.3 Linux kernel affected versions not specified Description The issue is related to errors in the authentication procedure of the Bluetooth Low Energy driver in the Linux kernel. It may allow ...
Bluetooth Core Specification 安全漏洞
The Bluetooth Core Specification is a specification. Defines the technical building blocks used by developers to create the interoperable devices that make up the thriving Bluetooth ecosystem. Overseen by the Bluetooth Special Interest Group SIG and regularly updated and enhanced by the Bluetooth...
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.
...
CVE-2021-44878
If an OpenID Connect provider supports the "none" algorithm i.e., tokens with no signature, pac4j v5.3.0 and prior does not refuse it without an explicit configuration on its side or for the "idtoken" response type which is not secure and violates the OpenID Core Specification. The "none" algorit...
SUSE SLES12: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2021:2422-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2422-1 advisory. The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were...
openSUSE 15 Security Update : kernel (openSUSE-SU-2021:2427-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2427-1 advisory. - The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that the...
SUSE SLED15 / SLES15 Security Update : bluez (SUSE-SU-2021:2291-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2291-1 advisory. - CVE-2021-0129,CVE-2020-26558: Check bluetooth security flags bsc1186463. Tenable has extracted the preceding description block...
SUSE SLES15: kernel-azure / kernel-azure-devel / kernel-devel-azure / etc (SUSE-SU-2021:2202-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2202-1 advisory. The SUSE Linux Enterprise 15 SP3 azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: -...
Ubuntu 16.04 ESM : BlueZ vulnerabilities (USN-4989-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4989-2 advisory. USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the precedin...