Vulnerabilities > Bluez

DATE CVE VULNERABILITY TITLE RISK
2022-09-02 CVE-2022-39176 BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
low complexity
bluez canonical debian
8.8
8.8
2022-09-02 CVE-2022-39177 BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
low complexity
bluez canonical debian
8.8
8.8
2022-03-10 CVE-2022-0204 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap overflow vulnerability was found in bluez in versions prior to 5.63. 		8.8
8.8
2022-03-02 CVE-2021-3658 Incorrect Authorization vulnerability in multiple products
bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up.
low complexity
bluez fedoraproject CWE-863
3.3
3.3
2021-11-29 CVE-2019-8921 Insufficient Verification of Data Authenticity vulnerability in multiple products
An issue was discovered in bluetoothd in BlueZ through 5.48.
low complexity
bluez debian CWE-345
6.5
6.5
2021-11-29 CVE-2019-8922 Out-of-bounds Write vulnerability in multiple products
A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48.
low complexity
bluez debian CWE-787
8.8
8.8
2021-11-12 CVE-2021-41229 Memory Leak vulnerability in multiple products
BlueZ is a Bluetooth protocol stack for Linux.
low complexity
bluez debian CWE-401
6.5
6.5
2021-11-04 CVE-2021-43400 Use After Free vulnerability in multiple products
An issue was discovered in gatt-database.c in BlueZ 5.61.
network
low complexity
bluez debian CWE-416
critical
 9.1
9.1
2021-06-10 CVE-2021-3588 Out-of-bounds Read vulnerability in Bluez
The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.
local
low complexity
bluez CWE-125
3.3
3.3
2021-06-09 CVE-2021-0129 Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.
low complexity
bluez redhat debian
5.7
5.7