Lucene search
K

20 matches found

CVE
CVE
added 2026/06/22 11:58 p.m.21 views

CVE-2026-10658

CVE-2026-10658 affects Zephyr’s Bluetooth Host ISO RX path, specifically bt_iso_recv() in subsys/bluetooth/host/iso.c. The vulnerability arises from missing minimum length checks for SDU headers when processing PB=START/SINGLE, allowing a malformed HCI ISO payload to bypass the inner header lengt...

7.1CVSS5.9AI score0.00163EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/22 11:58 p.m.39 views

CVE-2026-10658 Bluetooth Host ISO RX Missing SDU Header Length Validation in bt_iso_recv() Leads to DoS

A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malformed HCI ISO data. In btisorecv subsys/bluetooth/host/iso.c, when processing PB=START/SINGLE fragments, the code pulls a TS SDU header 8 bytes, ts=1 or a non-TS SDU header 4 bytes, ts=0 without firs...

7.1CVSS0.00163EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.9 views

CVE-2026-5068

A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables segmentation via chanops.allocbuf and the chosen RX pool has a userdatasize smaller than 2 bytes, the segmentation counter stored in t...

8.8CVSS5.5AI score0.00452EPSS
Exploits1References1
NVD
NVD
added 2026/06/09 8:16 a.m.15 views

CVE-2026-5068

A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables segmentation via chanops.allocbuf and the chosen RX pool has a userdatasize smaller than 2 bytes, the segmentation counter stored in t...

8.8CVSS0.00452EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Linux 5.10, Linux

A vulnerability classified as critical was discovered in the Linux kernel. The vulnerability affects the function l2capreassemblesdu in the file net/bluetooth/l2capcore.c of the Bluetooth component. This vulnerability stems from improper memory management, leading to an attempt to reuse freed...

7.1CVSS6.4AI score0.0129EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/04/23 8:9 a.m.5 views

Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()

...

5.5CVSS5.2AI score0.00123EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/23 1:25 a.m.8 views

SUSE CVE-2026-31512

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2capecreddatarcv l2capecreddatarcv reads the SDU length field from skb-data using getunalignedle16 without first verifying that skb contains at least...

7.1CVSS5.6AI score0.00123EPSS
Exploits0References19
EUVD
EUVD
added 2026/04/22 3:31 p.m.6 views

EUVD-2026-24895

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2capecreddatarcv l2capecreddatarcv reads the SDU length field from skb-data using getunalignedle16 without first verifying that skb contains at least...

5.6AI score0.00123EPSS
Exploits0References9
NVD
NVD
added 2026/04/22 2:16 p.m.5 views

CVE-2026-31512

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2capecreddatarcv l2capecreddatarcv reads the SDU length field from skb-data using getunalignedle16 without first verifying that skb contains at least...

5.5CVSS0.00123EPSS
Exploits0References8
CVE
CVE
added 2026/04/22 1:54 p.m.19 views

CVE-2026-31512

Mode C CVE-2026-31512 affects the Linux kernel Bluetooth L2CAP path. The vulnerability arises in l2cap_ecred_data_rcv() where the SDU length is read from skb->data using get_unaligned_le16() without first ensuring skb contains at least 2 bytes (L2CAP_SDULEN_SIZE). If skb->len

5.5CVSS5.6AI score0.00123EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34417

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth L2CAP component where the l2cap ecred data rcv function reads the SDU length field from skb-data using get unaligned le16 without verifying that the sock...

5.5CVSS5.5AI score0.00123EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34403

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth L2CAP component. The l2cap config req function processes CONFIG REQ for channels in BT CONNECTED state to support reconfiguration, such as MTU changes...

7.8CVSS5.8AI score0.00132EPSS
Exploits0References300
Tenable Nessus
Tenable Nessus
added 2025/12/30 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992272)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992272 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free caused by l2capreassemblesdu Fix the race condition between...

7.8CVSS6AI score0.00188EPSS
Exploits0References4
OSV
OSV
added 2025/05/01 3:16 p.m.1 views

DEBIAN-CVE-2022-49910

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free caused by l2capreassemblesdu Fix the race condition between the following two flows that run in parallel: 1. l2capreassemblesdu - chan-ops-recv l2capsockrecvcb - sockqueuercvskb. 2...

7.8CVSS5.6AI score0.00188EPSS
Exploits0References1
OSV
OSV
added 2025/05/01 3:16 p.m.10 views

UBUNTU-CVE-2022-49910

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free caused by l2capreassemblesdu Fix the race condition between the following two flows that run in parallel: 1. l2capreassemblesdu - chan-ops-recv l2capsockrecvcb - sockqueuercvskb. 2...

7.8CVSS6.1AI score0.00188EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 3:31 a.m.4 views

SUSE CVE-2022-3564

A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2capreassemblesdu of the file net/bluetooth/l2capcore.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The...

8CVSS7.1AI score0.0129EPSS
Exploits0References45
Openbugbounty
Openbugbounty
added 2020/09/14 10:48 a.m.7 views

sdupress.usd.ac.id Cross Site Scripting vulnerability OBB-1335089

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
0day.today
0day.today
added 2017/01/07 12:0 a.m.42 views

Intuit QuickBooks Desktop 2017 Credential Disclosure Vulnerability

Intuit QuickBooks Desktop 2017 suffers from an administrative credential disclosure vulnerability. + Credits: Maxim Tomashevich + Website: https://www.thegrideon.com/quickbooks-forensics.html + Details: https://www.thegrideon.com/qb-internals-2017.html Vendor: --------------------- www.intuit.com...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2017/01/06 12:0 a.m.63 views

Intuit QuickBooks Desktop 2017 Credential Disclosure

Credits: Maxim Tomashevich + Website: https://www.thegrideon.com/quickbooks-forensics.html + Details: https://www.thegrideon.com/qb-internals-2017.html Vendor: --------------------- www.intuit.com www.intuit.ca Product: --------------------- QuickBooks Desktop versions: 2017 Vulnerability Type:...

7.4AI score
Exploits0
Openbugbounty
Openbugbounty
added 2015/11/25 10:39 p.m.10 views

maths.wh.sdu.edu.cn XSS vulnerability

Vulnerable URL: http://maths.wh.sdu.edu.cn/teacher.php?mid=16=detail=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not...

6.3AI score
Exploits0
Rows per page
Query Builder