2 results (0.002 seconds)

CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 3

Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any local user can possibly exploit this. If Polkit-1 is enabled for version 2.0.6 and later, a possible attacker needs to be allowed to use the `org.blueman.dhcp.client` action. • https://www.exploit-db.com/exploits/48963 http://packetstormsecurity.com/files/159740/Blueman-Local-Root-Privilege-Escalation.html https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/1897287 https://github.com/blueman-project/blueman/releases/tag/2.1.4 https://github.com/blueman-project/blueman/security/advisories/GHSA-jpc9-mgw6-2xwx https://lists.debian.org/debian-lts-announce/2020/11/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1

The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument. El método EnableNetwork en la clase Network en plugins/mechanism/Network.py en Blueman en versiones anteriores a 2.0.3 permite a usuarios locales obtener privilegios a través del argumento dhcp_handler. • https://www.exploit-db.com/exploits/46186 http://packetstormsecurity.com/files/135047/Slackware-Security-Advisory-blueman-Updates.html http://www.debian.org/security/2015/dsa-3427 http://www.openwall.com/lists/oss-security/2015/12/18/6 http://www.openwall.com/lists/oss-security/2015/12/19/1 http://www.securityfocus.com/bid/79688 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.421085 https://github.com/blueman-project/blueman/issues/41 • CWE-264: Permissions, Privileges, and Access Controls •