VYPR

rpm package

suse/bluez&distro=SUSE Manager Server 4.2

pkg:rpm/suse/bluez&distro=SUSE%20Manager%20Server%204.2

Vulnerabilities (4)

  • CVE-2023-27349May 3, 2024
    affected < 5.55-150300.3.22.1fixed 5.55-150300.3.22.1

    BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerab

  • CVE-2022-39177HigSep 2, 2022
    affected < 5.55-150300.3.19.1fixed 5.55-150300.3.19.1

    BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.

  • CVE-2022-39176HigSep 2, 2022
    affected < 5.55-150300.3.19.1fixed 5.55-150300.3.19.1

    BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.

  • CVE-2021-41229Nov 12, 2021
    affected < 5.55-150300.3.25.1fixed 5.55-150300.3.25.1

    BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be