Vulnerabilities > Bluez

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2022-0204 Out-of-bounds Write vulnerability in multiple products
A heap overflow vulnerability was found in bluez in versions prior to 5.63.
low complexity
bluez fedoraproject CWE-787
5.8
2022-03-02 CVE-2021-3658 Incorrect Authorization vulnerability in multiple products
bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up.
low complexity
bluez fedoraproject CWE-863
3.3
2021-11-29 CVE-2019-8921 Insufficient Verification of Data Authenticity vulnerability in Bluez
An issue was discovered in bluetoothd in BlueZ through 5.48.
low complexity
bluez CWE-345
3.3
2021-11-29 CVE-2019-8922 Out-of-bounds Write vulnerability in Bluez
A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48.
low complexity
bluez CWE-787
5.8
2021-11-12 CVE-2021-41229 Memory Leak vulnerability in multiple products
BlueZ is a Bluetooth protocol stack for Linux.
low complexity
bluez debian CWE-401
3.3
2021-11-04 CVE-2021-43400 Use After Free vulnerability in Bluez 5.61
An issue was discovered in gatt-database.c in BlueZ 5.61.
network
low complexity
bluez CWE-416
6.4
2021-06-10 CVE-2021-3588 Out-of-bounds Read vulnerability in Bluez
The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.
local
low complexity
bluez CWE-125
2.1
2021-06-09 CVE-2021-0129 Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.
low complexity
bluez redhat debian
2.7
2021-02-02 CVE-2020-24490 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Bluez
Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access.
low complexity
bluez CWE-119
3.3
2020-11-23 CVE-2020-12352 Information Exposure vulnerability in multiple products
Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
low complexity
bluez canonical CWE-200
3.3