CVE-2020-0556

Published: 12/03/2020 Updated: 22/04/2022
CVSS v2 Base Score: 5.8 | Impact Score: 6.4 | Exploitability Score: 6.5
CVSS v3 Base Score: 7.1 | Impact Score: 3.7 | Exploitability Score: 2.8
VMScore: 516
Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

It was discovered that BlueZ incorrectly handled bonding HID and HOGP devices. A local attacker could possibly use this issue to impersonate non-bonded devices. (CVE-2020-0556)

Vulnerable Product

bluez bluez

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 19.10

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

opensuse leap 15.1

opensuse leap 15.2

Vendor Advisories

Several security issues were fixed in BlueZ ...
Synopsis: Moderate: bluez security update. Type/Severity: Security Advisory: Moderate. Topic: An update for bluez is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis: Moderate: bluez security update. Type/Severity: Security Advisory: Moderate. Topic: An update for bluez is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which ...
It was reported that the BlueZ's HID and HOGP profile implementations don't specifically require bonding between the device and the host. Malicious devices can take advantage of this flaw to connect to a target host and impersonate an existing HID device without security or to cause an SDP or GATT service discovery to take place which would allow H ...
Debian Bug report logs - #1057914 bluez: CVE-2023-45866. Package: src:bluez; Maintainer for src:bluez is Debian Bluetooth Maintainers <team+pkg-bluetooth@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 10 Dec 2023 16:21:04 UTC; Severity: grave; Tags: security, upstream; Found in ver ...
Debian Bug report logs - #953770 bluez: CVE-2020-0556. Package: src:bluez; Maintainer for src:bluez is Debian Bluetooth Maintainers <team+pkg-bluetooth@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 13 Mar 2020 09:45:01 UTC; Severity: grave; Tags: patch, pending, security, upstream ...
Debian Bug report logs - #1006406 BlueMirror mesh attacks - CVE-2020-26556, CVE-2020-26557, CVE-2020-26559, CVE-2020-26560. Package: src:bluez; Maintainer for src:bluez is Debian Bluetooth Maintainers <team+pkg-bluetooth@tracker.debian.org>; Reported by: Ben Hutchings <ben@decadent.org.uk>; Date: Fri, 25 Feb 2022 02:30: ...
Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access (CVE-2020-0556) ...
It was discovered that the HID and HOGP profiles implementations in bluez before 5.54 don't specifically require bonding between the device and the host. This creates an opportunity for a malicious device to connect to a target host to either impersonate an existing HID device without security or to cause an SDP or GATT service discovery to take pl ...