
CVE-2020-15238 – Local privilege escalation Blueman
https://notcve.org/view.php?id=CVE-2020-15238
27 Oct 2020 — Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any local user can possibly exploit this. If Polkit-1 is enabled for version 2.0.6 and later, a possible attacker needs to be allowed to use the `org.blueman.dhcp.client` action. • https://packetstorm.news/files/id/159740 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2015-8612 – blueman - set_dhcp_handler D-Bus Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-8612
24 Dec 2015 — The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument. New blueman packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix a security issue. • https://packetstorm.news/files/id/151181 • CWE-264: Permissions, Privileges, and Access Controls