21 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-8921
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVCATTRREQ by the SDP implementation. By crafting a...
Ubuntu: Security Advisory (USN-7265-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7265-1: BlueZ vulnerabilities
Julian Rauchberger discovered that BlueZ did not correctly handle certain memory operations. An attacker could possibly use this issue to leak sensitive information or execute arbitrary code. CVE-2019-8921, CVE-2019-8922...
Amazon Linux 2 : bluez (ALAS-2023-2309)
The version of bluez installed on the remote host is prior to 5.44-7. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2309 advisory. An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVCATTRREQ by the SD...
Medium: bluez
Issue Overview: An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVCATTRREQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in...
Huawei EulerOS: Security Advisory for bluez (EulerOS-SA-2023-1742)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.2.0 : bluez (EulerOS-SA-2023-1742)
According to the versions of the bluez package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVCATTRREQ by the SDP...
Huawei EulerOS: Security Advisory for bluez (EulerOS-SA-2023-1090)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.2.6 : bluez (EulerOS-SA-2023-1090)
According to the versions of the bluez package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVCATTRREQ by the SDP...
SUSE SLED12 / SLES12 Security Update : bluez (SUSE-SU-2022:3718-1)
The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3718-1 advisory. - CVE-2019-8921: Fixed heap-based buffer overflow via crafted request bsc1193237. - CVE-2016-9803: Fixed memor...
SUSE: Security Advisory (SUSE-SU-2022:3718-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2022:3718-1 Security update for bluez
This update for bluez fixes the following issues: - CVE-2019-8921: Fixed heap-based buffer overflow via crafted request bsc1193237. - CVE-2016-9803: Fixed memory leak bsc1013885...
Debian: Security Advisory (DLA-3157-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3157-1] bluez security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3157-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler October 24, 2022 https://wiki.debian.org/LTS -...
Debian dla-3157 : bluetooth - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3157 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3157-1 [email protected]...
SUSE: Security Advisory (SUSE-SU-2022:3691-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for bluez (EulerOS-SA-2022-2488)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for bluez (EulerOS-SA-2022-1524)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-8921
An issue was discovered in bluetoothd in BlueZ through version 5.48. The vulnerability lies in the handling of buffered data where it is possible to cause the server to return more bytes than the buffer actually holds, resulting in leaking arbitrary heap data...
CVE-2019-8921
CVE-2019-8921 is a BlueZ Bluetooth stack vulnerability affecting bluetoothd, specifically in the SDP implementation. The issue arises from how SVC_ATTR_REQ is handled; by crafting a malicious CSTATE, an attacker could cause the server to return more bytes than the buffer can hold, leaking heap da...