CVSS: 3.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Jun 2021 — The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading. It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. Jay LV discovered ... • https://github.com/bluez/bluez/issues/70 • CWE-125: Out-of-bounds Read • CWE-788: Access of Memory Location After End of Buffer

CVSS: 6.4 • EPSS: 0% • CPEs: 12 • EXPL: 0

09 Jun 2021 — Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. A flaw was found in the Linux kernel. Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. The highest threat from this vulnerability... • https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html • CWE-287: Improper Authentication

CVSS: 6.5 • EPSS: 1% • CPEs: 4 • EXPL: 3

20 Oct 2020 — Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. An information leak flaw was found in the way Linux kernel’s Bluetooth stack implementation handled initialization of stack memory when handling certain AMP (Alternate MAC-PHY Manager Protocol) packets. Th... • https://packetstorm.news/files/id/162131 • CWE-201: Insertion of Sensitive Information Into Sent Data • CWE-909: Missing Initialization of Resource

CVSS: 7.1 • EPSS: 5% • CPEs: 4 • EXPL: 1

20 Oct 2020 — Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ. A heap buffer overflow flaw was found in the way the Linux kerne... • https://github.com/AbrarKhan/linux_CVE-2020-24490-beforePatch • CWE-122: Heap-based Buffer Overflow

CVSS: 8.8 • EPSS: 1% • CPEs: 5 • EXPL: 0

15 Oct 2020 — In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00034.html • CWE-415: Double Free • CWE-416: Use After Free

CVSS: 7.1 • EPSS: 0% • CPEs: 9 • EXPL: 0

12 Mar 2020 — Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access. It was discovered that BlueZ incorrectly handled bonding HID and HOGP devices. A lo... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html • CWE-266: Incorrect Privilege Assignment

CVSS: 4.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

15 Jan 2019 — A bug in BlueZ may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before BlueZ 5.51 are vulnerable. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10910 • CWE-863: Incorrect Authorization

CVSS: 6.5 • EPSS: 43% • CPEs: 1 • EXPL: 2

12 Sep 2017 — All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. • https://github.com/olav-st/CVE-2017-1000250-PoC • CWE-125: Out-of-bounds Read • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Jun 2017 — Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities. It was discovered that BlueZ incorrectly handled bonding HID and HOGP devices. A local attacker could possibly use this issue to impersonate non-bonded devices. It was disco... • http://www.securityfocus.com/bid/95067 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 1

08 Dec 2016 — In BlueZ 5.42, a buffer overflow was observed in the "read_n" function in the "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in an hcidump crash. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00069.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer