rpm package
almalinux/bluez-obexd
pkg:rpm/almalinux/bluez-obexd
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-51596 | — |  |  | < 5.72-2.el9 | 5.72-2.el9 | May 3, 2024 | BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that th |
| CVE-2023-51594 | — |  |  | < 5.72-2.el9 | 5.72-2.el9 | May 3, 2024 | BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target mus |
| CVE-2023-51592 | — |  |  | < 5.72-2.el9 | 5.72-2.el9 | May 3, 2024 | BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit t |
| CVE-2023-51589 | — |  |  | < 5.72-2.el9 | 5.72-2.el9 | May 3, 2024 | BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit |
| CVE-2023-51580 | — |  |  | < 5.72-2.el9 | 5.72-2.el9 | May 3, 2024 | BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to e |
| CVE-2023-50230 | — |  |  | < 5.72-2.el9 | 5.72-2.el9 | May 3, 2024 | BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that th |
| CVE-2023-50229 | — |  |  | < 5.72-2.el9 | 5.72-2.el9 | May 3, 2024 | BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that th |
| CVE-2023-44431 | — |  |  | < 5.72-2.el9 | 5.72-2.el9 | May 3, 2024 | BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability i |
| CVE-2023-27349 | — |  |  | < 5.72-2.el9 | 5.72-2.el9 | May 3, 2024 | BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerab |
| CVE-2023-45866 | — |  |  | < 5.63-3.el8_10.alma.1 | 5.63-3.el8_10.alma.1 | Dec 8, 2023 | Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to |
| CVE-2021-41229 | — |  |  | < 5.56-3.el8 | 5.56-3.el8 | Nov 12, 2021 | BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be |