Lucene search

51 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2015-5273

Malware in sbrugna...

CVSS 5.4 | AI score 6.5 | EPSS 0.03652
Exploits: 0 | References: 37

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2009-2846

Malware in sbrugna...

CVSS 3.5 | AI score 6.4 | EPSS 0.00201
Exploits: 0 | References: 5

RedhatCVE
added 2025/05/22 9:59 a.m. | 5 views

CVE-2011-3444

Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network...

CVSS 4.3 | AI score 6.4 | EPSS 0.00236
Exploits: 0 | References: 1

Tenable Nessus
added 2024/01/09 12:0 a.m. | 33 views

Amazon Linux 2 : bluez (ALAS-2024-2386)

The version of bluez installed on the remote host is prior to 5.44-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2386 advisory. bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution CVE-2023-45866 Tenable has...

CVSS 6.3 | AI score 7.1 | EPSS 0.36549
Exploits: 7 | References: 4

Tenable Nessus
added 2024/01/05 12:0 a.m. | 40 views

GLSA-202401-03 : BlueZ: Privilege Escalation

The remote host is affected by the vulnerability described in GLSA-202401-03 BlueZ: Privilege Escalation - Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitti...

CVSS 7.1 | AI score 6.8 | EPSS 0.36549
Exploits: 7 | References: 3

Tenable Nessus
added 2023/12/21 12:0 a.m. | 35 views

Debian DSA-5584-1 : bluez - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5584 advisory. It was reported that the BlueZ's HID profile implementation is not inline with the HID specification which mandates the use of Security Mode 4. The HID profile...

CVSS 6.3 | AI score 6.8 | EPSS 0.36549
Exploits: 7 | References: 7

Mageia
added 2023/12/20 5:21 p.m. | 52 views

Updated bluez packages fix a security vulnerability

This update fixes the following security issue. Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has...

CVSS 6.3 | AI score 7.5 | EPSS 0.36549
Exploits: 7 | References: 4

Tenable Nessus
added 2023/12/15 12:0 a.m. | 30 views

Debian dla-3689 : bluetooth - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3689 advisory. Debian LTS Advisory DLA-3689-1 https://www.debian.org/lts/security/...

CVSS 6.3 | AI score 6.9 | EPSS 0.36549
Exploits: 7 | References: 4

Tenable Nessus
added 2023/12/14 12:0 a.m. | 32 views

Slackware Linux 15.0 / current bluez Vulnerability (SSA:2023-348-01)

The version of bluez installed on the remote host is prior to 5.71. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-348-01 advisory. - Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connectio...

CVSS 7.1 | AI score 6.8 | EPSS 0.36549
Exploits: 7 | References: 2

NVD
added 2023/12/08 6:15 a.m. | 28 views

CVE-2023-45866

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such...

CVSS 6.3 | EPSS 0.36549
Exploits: 7 | References: 15

Prion
added 2023/12/08 6:15 a.m. | 29 views

Code injection

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such...

CVSS 5.8 | AI score 7.4 | EPSS 0.36549
Exploits: 7 | References: 13 | Affected Software: 7

SUSE CVE
added 2023/12/08 3:40 a.m. | 2 views

SUSE CVE-2023-45866

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such...

CVSS 6.3 | AI score 5.3 | EPSS 0.36549
Exploits: 7 | References: 10

Tenable Nessus
added 2023/12/08 12:0 a.m. | 24 views

Fedora 39 : bluez (2023-6a3fe615d3)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-6a3fe615d3 advisory. Install default input.conf/network.conf Add mitigation for CVE-2023-45866 Tenable has extracted the preceding description block directly from the Fedora...

CVSS 6.3 | AI score 6.8 | EPSS 0.36549
Exploits: 7 | References: 2

Debian CVE
added 2023/12/08 12:0 a.m. | 69 views

CVE-2023-45866

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such...

CVSS 6.3 | AI score 6.4 | EPSS 0.36549
Exploits: 7

Cvelist
added 2023/12/08 12:0 a.m. | 22 views

CVE-2023-45866

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such...

AI score 7 | EPSS 0.36549
Exploits: 7 | References: 13

UbuntuCve
added 2023/12/06 12:0 a.m. | 80 views

CVE-2023-45866

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such...

CVSS 6.3 | AI score 6.9 | EPSS 0.36549
Exploits: 7 | References: 3

Tenable Nessus
added 2023/04/02 12:0 a.m. | 36 views

Fedora 37 : libldb / samba (2023-fca3bfed78)

The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-fca3bfed78 advisory. Update to ldb 2.6.2 and samba 4.17.7 Security fixes for CVE-2023-0225, CVE-2023-0922, CVE-2023-0614 Tenable has extracted the preceding description...

CVSS 7.7 | AI score 6.4 | EPSS 0.00413
Exploits: 0 | References: 4

RedHat Linux
added 2022/12/07 8:29 p.m. | 4 views

python-scciclient: missing server certificate verification

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle MITM attacks...

CVSS 7.4 | AI score 5.7 | EPSS 0.00231
Exploits: 0 | References: 5

CNNVD
added 2022/09/01 12:0 a.m. | 3 views

python-scciclient Trust Management Issue Vulnerability

python-scciclient is a Python ServerView Common Command Interface SCCI client library. A security vulnerability in python-scciclient exists because the server's credentials are not validated when establishing an HTTPS connection to the server allowing an attacker to implement a man-in-the-middle...

CVSS 7.4 | AI score 6.9 | EPSS 0.00231
Exploits: 0 | References: 6

OSV
added 2022/05/24 10:1 p.m. | 1 view

GHSA-442G-GCG6-MHM4 Play Framework Inadequate Encryption Strength vulnerability

An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...

CVSS 7.5 | AI score 5.9 | EPSS 0.0015
Exploits: 0 | References: 3