Lucene search
K

17 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 7 : bluez-5.44-6.el7 (AXSA:2020-4538:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-4538:01 advisory. bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices CVE-2018-10910 Tenable has...

4.5CVSS5.6AI score0.00458EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-1889

Malware in sbrugna...

5.5CVSS6.1AI score0.00385EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-16830

Malicious code in bioql PyPI...

4CVSS6.5AI score0.00116EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/04 4:56 a.m.6 views

CVE-2025-20991

Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable...

4CVSS4.2AI score0.00116EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:18 p.m.5 views

CVE-2022-20396

In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS7.1AI score0.00076EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:8 p.m.7 views

CVE-2020-0386

In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege allowing an attacker to set Bluetooth discoverability with User execution privileges needed. User interaction is needed for...

5.5CVSS8.6AI score0.00385EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/09/13 8:15 p.m.4 views

CVE-2022-20396

In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS5.9AI score0.00076EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/03/25 9:40 p.m.22 views

CVE-2022-24784 Discoverability of user password hash in Statamic CMS

Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncover the entire...

3.7CVSS4.6AI score0.00994EPSS
Exploits0References3
Rapid7 Blog
Rapid7 Blog
added 2021/04/08 1:27 p.m.62 views

Kubernetes Namespaces Are Not as Secure as You Think

In a previous article, we described how the usage of namespaces in Kubernetes significantly simplifies the management of a Kubernetes cluster. However, managing multiple microservices on the same cluster comes with a security cost when not planned correctly. A common misconception around namespac...

6.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/02/01 12:0 a.m.42 views

CentOS 8 : bluez (CESA-2020:1912)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:1912 advisory. - bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices CVE-2018-10910 Note that Ness...

4.5CVSS5.6AI score0.00458EPSS
Exploits1References2
OSV
OSV
added 2020/09/17 4:15 p.m.3 views

CVE-2020-0386

In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege allowing an attacker to set Bluetooth discoverability with User execution privileges needed. User interaction is needed for...

5.5CVSS6.7AI score0.00385EPSS
Exploits0References1
Prion
Prion
added 2020/09/17 4:15 p.m.13 views

Design/Logic Flaw

In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege allowing an attacker to set Bluetooth discoverability with User execution privileges needed. User interaction is needed for...

4.3CVSS6.5AI score0.00385EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/09/17 3:48 p.m.24 views

CVE-2020-0386

In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege allowing an attacker to set Bluetooth discoverability with User execution privileges needed. User interaction is needed for...

6AI score0.00385EPSS
Exploits0References1
OSV
OSV
added 2020/09/01 12:0 a.m.25 views

ASB-A-155650356

In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege allowing an attacker to set Bluetooth discoverability with User execution privileges needed. User interaction is needed for...

5.5CVSS5.7AI score0.00385EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/04/28 12:0 a.m.30 views

RHEL 8 : bluez (RHSA-2020:1912)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1912 advisory. The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start script...

4.5CVSS5.7AI score0.00458EPSS
Exploits1References6
Veracode
Veracode
added 2020/04/01 12:38 a.m.28 views

Authorization Bypass

bluez is vulnerable to authorization bypass. The vulnerability exists as it fails to disable bluetooth discoverability that may lead to the unauthorized pairing of bluetooth devices...

4.5CVSS2.3AI score0.00458EPSS
Exploits1References8Affected Software1
CERT
CERT
added 2016/04/07 12:0 a.m.33 views

Lemur Vehicle Monitors BlueDriver LSB2 does not authenticate users for Bluetooth access

Overview The Lemur Vehicle Monitors BlueDriver is an aftermarket automotive device that connects to a vehicle's OBD-II port and provides information about the vehicle's performance. The BlueDriver does not require a PIN for Bluetooth access, which allows anyone in range to send arbitrary commands...

8.8CVSS9AI score0.01074EPSS
Exploits0References2
Rows per page
Query Builder