rpm package
suse/bluez&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
pkg:rpm/suse/bluez&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-50230 | — | < 5.55-150300.3.28.1 | 5.55-150300.3.28.1 | May 3, 2024 | BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that th | ||
| CVE-2023-50229 | — | < 5.55-150300.3.28.1 | 5.55-150300.3.28.1 | May 3, 2024 | BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that th | ||
| CVE-2023-27349 | — | < 5.55-150300.3.22.1 | 5.55-150300.3.22.1 | May 3, 2024 | BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerab | ||
| CVE-2022-39177 | Hig | 8.8 | < 5.55-150300.3.19.1 | 5.55-150300.3.19.1 | Sep 2, 2022 | BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. | |
| CVE-2022-39176 | Hig | 8.8 | < 5.55-150300.3.19.1 | 5.55-150300.3.19.1 | Sep 2, 2022 | BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. |
- CVE-2023-50230May 3, 2024affected < 5.55-150300.3.28.1fixed 5.55-150300.3.28.1
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that th
- CVE-2023-50229May 3, 2024affected < 5.55-150300.3.28.1fixed 5.55-150300.3.28.1
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that th
- CVE-2023-27349May 3, 2024affected < 5.55-150300.3.22.1fixed 5.55-150300.3.22.1
BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerab
- affected < 5.55-150300.3.19.1fixed 5.55-150300.3.19.1
BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
- affected < 5.55-150300.3.19.1fixed 5.55-150300.3.19.1
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.