Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bluez bluez vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2021-43400
An issue exists in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call.
Bluez Bluez 5.61
Debian Debian Linux 10.0
8.8
CVSSv3
CVE-2022-39176
BlueZ prior to 5.59 allows physically proximate malicious users to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
Bluez Bluez
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Debian Debian Linux 10.0
8.8
CVSSv3
CVE-2022-39177
BlueZ prior to 5.59 allows physically proximate malicious users to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
Bluez Bluez
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Debian Debian Linux 10.0
8.8
CVSSv3
CVE-2022-0204
A heap overflow vulnerability was found in bluez in versions before 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.
Bluez Bluez
Fedoraproject Fedora 35
Debian Debian Linux 10.0
8.8
CVSSv3
CVE-2019-8922
A heap-based buffer overflow exists in bluetoothd in BlueZ up to and including 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appen...
Bluez Bluez
Debian Debian Linux 10.0
8.8
CVSSv3
CVE-2021-3491
The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code e...
Linux Linux Kernel
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 20.10
Canonical Ubuntu Linux 21.04
8.8
CVSSv3
CVE-2020-12351
Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
Linux Linux Kernel 5.9.0
Linux Linux Kernel
Linux Linux Kernel 5.9.1
1 Github repository
8.8
CVSSv3
CVE-2017-0781
A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105.
Google Android 7.1.0
Google Android 7.1.1
Google Android 5.1.0
Google Android 5.1.1
Google Android 4.1.2
Google Android 4.2
Google Android 4.4.2
Google Android 4.4.3
Google Android 4.4.4
Google Android 8.0
Google Android 7.0
Google Android 5.0.2
Google Android 5.1
Google Android 4.0.4
Google Android 4.1
Google Android 4.4
Google Android 4.4.1
Google Android 5.0
Google Android 5.0.1
Google Android 4.0.2
Google Android 4.0.3
Google Android 4.3
1 EDB exploit
20 Github repositories
8.8
CVSSv3
CVE-2017-0782
A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237.
Google Android 8.0
Google Android 7.0
Google Android 5.0.1
Google Android 5.0.2
Google Android 4.0.4
Google Android 4.1
Google Android 4.4
Google Android 4.4.1
Google Android 6.0.1
Google Android 5.0
Google Android 4.0.2
Google Android 4.0.3
Google Android 4.3
Google Android 4.3.1
Google Android 7.1.2
Google Android 6.0
Google Android 5.1.1
Google Android 4.0
Google Android 4.0.1
Google Android 4.2.1
Google Android 4.2.2
Google Android 4.4.4
4 Github repositories
8.8
CVSSv3
CVE-2017-8403
360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android o...
360fly 4k Camera Firmware 2.1.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »