This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Bluez
Product: Bluez
Version: -
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Application
First view: 2017-06-09
Last view: 2021-06-10
 
CPE Product cpe:2.3:a:bluez:bluez

Activity : Overall

Related : CVE

  Date Alert Description
3.3 2021-06-10 CVE-2021-3588

The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.

5.7 2021-06-09 CVE-2021-0129

Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.

6.5 2021-02-02 CVE-2020-24490

Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.

6.5 2020-11-23 CVE-2020-12352

Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

8.6 2020-10-15 CVE-2020-27153

In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.

7.1 2020-03-12 CVE-2020-0556

Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access.

3.3 2019-01-28 CVE-2018-10910

A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.

6.5 2017-09-12 CVE-2017-1000250

All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.

7.8 2017-06-09 CVE-2016-7837

Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.

CWE : Common Weakness Enumeration

% id Name
25% (1) CWE-415 Double Free
25% (1) CWE-200 Information Exposure
25% (1) CWE-125 Out-of-bounds Read
25% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Nessus® Vulnerability Scanner

id Description
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2685.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-77f991e537.nasl - Type: ACT_GATHER_INFO
2017-10-23 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1176.nasl - Type: ACT_GATHER_INFO
2017-09-22 Name: The remote Debian host is missing a security update.
File: debian_DLA-1103.nasl - Type: ACT_GATHER_INFO
2017-09-18 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2017-258-01.nasl - Type: ACT_GATHER_INFO
2017-09-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3972.nasl - Type: ACT_GATHER_INFO
2017-09-14 Name: The remote Fedora host is missing a security update.
File: fedora_2017-fe95a5b88b.nasl - Type: ACT_GATHER_INFO
2017-09-13 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-2685.nasl - Type: ACT_GATHER_INFO
2017-09-13 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-2685.nasl - Type: ACT_GATHER_INFO
2017-09-13 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2685.nasl - Type: ACT_GATHER_INFO
2017-09-13 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170912_bluez_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2017-09-13 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3413-1.nasl - Type: ACT_GATHER_INFO