CVE-2023-45866 (GCVE-0-2023-45866)
Vulnerability from cvelistv5 – Published: 2023-12-08 00:00 – Updated: 2025-11-04 19:25
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:25:32.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bluetooth.com"
},
{
"tags": [
"x_transferred"
],
"url": "http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675"
},
{
"name": "FEDORA-2023-6a3fe615d3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/"
},
{
"name": "FEDORA-2023-26a02512e1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214036"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214035"
},
{
"name": "20231212 APPLE-SA-12-11-2023-4 macOS Sonoma 14.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/9"
},
{
"name": "20231212 APPLE-SA-12-11-2023-2 iOS 17.2 and iPadOS 17.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/7"
},
{
"name": "[debian-lts-announce] 20231215 [SECURITY] [DLA 3689-1] bluez security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html"
},
{
"name": "DSA-5584",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5584"
},
{
"name": "GLSA-202401-03",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-03"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-05T13:06:14.377Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bluetooth.com"
},
{
"url": "http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog"
},
{
"url": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866"
},
{
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675"
},
{
"name": "FEDORA-2023-6a3fe615d3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/"
},
{
"name": "FEDORA-2023-26a02512e1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/"
},
{
"url": "https://support.apple.com/kb/HT214036"
},
{
"url": "https://support.apple.com/kb/HT214035"
},
{
"name": "20231212 APPLE-SA-12-11-2023-4 macOS Sonoma 14.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/9"
},
{
"name": "20231212 APPLE-SA-12-11-2023-2 iOS 17.2 and iPadOS 17.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/7"
},
{
"name": "[debian-lts-announce] 20231215 [SECURITY] [DLA 3689-1] bluez security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html"
},
{
"name": "DSA-5584",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5584"
},
{
"name": "GLSA-202401-03",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202401-03"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45866",
"datePublished": "2023-12-08T00:00:00.000Z",
"dateReserved": "2023-10-14T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:25:32.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
FKIE_CVE-2023-45866
Vulnerability from fkie_nvd - Published: 2023-12-08 06:15 - Updated: 2025-11-04 20:17

| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog | Release Notes | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2023/Dec/7 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2023/Dec/9 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://bluetooth.com | Not Applicable | |
| cve@mitre.org | https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675 | Mailing List, Patch | |
| cve@mitre.org | https://github.com/skysafe/reblog/tree/main/cve-2023-45866 | Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/ | Mailing List | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/ | Mailing List | |
| cve@mitre.org | https://security.gentoo.org/glsa/202401-03 | ||
| cve@mitre.org | https://support.apple.com/kb/HT214035 | Third Party Advisory | |
| cve@mitre.org | https://support.apple.com/kb/HT214036 | Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2023/dsa-5584 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2023/Dec/7 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2023/Dec/9 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bluetooth.com | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675 | Mailing List, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/skysafe/reblog/tree/main/cve-2023-45866 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202401-03 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT214035 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT214036 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2023/dsa-5584 |

| Vendor | Product | Version |
|---|---|---|
| google | android | 4.2.2 |
| bluproducts | dash | 3.5 |
| google | android | 6.0.1 |
| google | nexus_5 | - |
| google | android | 10.0 |
| google | android | 11.0 |
| google | pixel_2 | - |
| google | android | 13.0 |
| google | pixel_4a | - |
| google | pixel_6 | - |
| google | android | 14.0 |
| google | pixel_7 | - |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 20.04 |
| canonical | ubuntu_linux | 22.04 |
| canonical | ubuntu_linux | 23.10 |
| apple | iphone_os | 16.6 |
| apple | iphone_se | - |
| apple | macos | 12.6.7 |
| apple | macbook_air | 2017 |
| apple | macos | 13.3.3 |
| apple | macbook_pro | m2 |
| fedoraproject | fedora | 38 |
| fedoraproject | fedora | 39 |
| apple | ipados | * |
| apple | iphone_os | * |
| apple | macos | * |
| debian | debian_linux | 10.0 |

{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49413FF7-7910-4F74-B106-C3170612CB2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bluproducts:dash:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "025AACE2-2B3F-4ACD-B187-22ED8CDF8BAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:nexus_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25DB8689-116F-49B5-91F5-BCBA8854BD42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B76B2AD-52E2-41D2-82D7-557DC32E064F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel_4a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E49FC5D-ACC7-498F-88E9-293AB276CF63",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C27C4FD0-E67A-4D54-A00A-BDD59AAABB4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C1347ED-56D0-4AF8-92D8-D4E427B5A1CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:-:*:*:*",
"matchCriteriaId": "652F5027-4436-458C-84FD-7AD89B489BAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:23.10:*:*:*:*:*:*:*",
"matchCriteriaId": "602CE21C-E1A9-4407-A504-CF4E58F596F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "705DA51B-6A6E-422D-9A22-0DB86836EA0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:iphone_se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91A20702-427E-4876-9DEE-E244F39A2E79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:12.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "15DDFC77-1ACB-4092-A1C3-623DE3CC980C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:macbook_air:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "B649B9E4-91D9-4712-8E2A-9246E17D19CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:13.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CECFF66D-DDF3-4492-85BE-79B57E7AAE9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:macbook_pro:m2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1C6A9E0-6DDD-4E64-97B0-47C69A865C0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4117208-4072-4F4C-AC42-97683B6F8FF5",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00FC779B-E45C-4B34-976F-490C38C22C67",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD",
"versionEndExcluding": "14.2",
"versionStartIncluding": "14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue."
},
{
"lang": "es",
"value": "Bluetooth HID Hosts in BlueZ pueden permitir que un dispositivo HID con funci\u00f3n perif\u00e9rica no autenticada inicie y establezca una conexi\u00f3n cifrada y acepte informes de teclado HID, lo que potencialmente permite la inyecci\u00f3n de mensajes HID cuando no se ha producido ninguna interacci\u00f3n del usuario en la funci\u00f3n central para autorizar dicho acceso. Un ejemplo de paquete afectado es bluez 5.64-0ubuntu1 en Ubuntu 22.04LTS. NOTA: en algunos casos, una mitigaci\u00f3n CVE-2020-0556 ya habr\u00eda solucionado este problema de hosts HID Bluetooth."
}
],
"id": "CVE-2023-45866",
"lastModified": "2025-11-04T20:17:09.133",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-08T06:15:45.690",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/7"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "https://bluetooth.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202401-03"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT214035"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT214036"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2023/dsa-5584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://bluetooth.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202401-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT214035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT214036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2023/dsa-5584"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2023-45866
Vulnerability from osv_almalinux
The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (AlmaLinux), and pcmcia configuration files.
Security Fix(es):
- bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution (CVE-2023-45866)
- BlueZ: Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability (CVE-2023-27349)
- bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability (CVE-2023-51596)
- bluez: OBEX library out-of-bounds read information disclosure vulnerability (CVE-2023-51594)
- bluez: audio profile avrcp parse_media_folder out-of-bounds read information disclosure vulnerability (CVE-2023-51592)
- bluez: audio profile avrcp parse_media_element out-of-bounds read information disclosure vulnerability (CVE-2023-51589)
- bluez: avrcp_parse_attribute_list out-of-bounds read information disclosure vulnerability (CVE-2023-51580)
- bluez: AVRCP stack-based buffer overflow remote code execution vulnerability (CVE-2023-44431)
- bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability (CVE-2023-50230)
- bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability (CVE-2023-50229)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "bluez"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.72-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "bluez-cups"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.72-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "bluez-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.72-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "bluez-libs-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.72-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "bluez-obexd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.72-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (AlmaLinux), and pcmcia configuration files. \n\nSecurity Fix(es): \n\n * bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution (CVE-2023-45866)\n * BlueZ: Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability (CVE-2023-27349)\n * bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability (CVE-2023-51596)\n * bluez: OBEX library out-of-bounds read information disclosure vulnerability (CVE-2023-51594)\n * bluez: audio profile avrcp parse_media_folder out-of-bounds read information disclosure vulnerability (CVE-2023-51592)\n * bluez: audio profile avrcp parse_media_element out-of-bounds read information disclosure vulnerability (CVE-2023-51589)\n * bluez: avrcp_parse_attribute_list out-of-bounds read information disclosure vulnerability (CVE-2023-51580)\n * bluez: AVRCP stack-based buffer overflow remote code execution vulnerability (CVE-2023-44431)\n * bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability (CVE-2023-50230)\n * bluez: phone book access profile heap-based buffer overflow remote code execution vulnerability (CVE-2023-50229)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. \n\nAdditional Changes: \n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.\n",
"id": "ALSA-2024:9413",
"modified": "2024-11-18T11:48:04Z",
"published": "2024-11-12T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:9413"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-27349"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-44431"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-45866"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-50229"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-50230"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-51580"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-51589"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-51592"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-51594"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-51596"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2253391"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278787"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278945"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278955"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278962"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278965"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278967"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278969"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278972"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278974"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-9413.html"
}
],
"related": [
"CVE-2023-45866",
"CVE-2023-27349",
"CVE-2023-51596",
"CVE-2023-51594",
"CVE-2023-51592",
"CVE-2023-51589",
"CVE-2023-51580",
"CVE-2023-44431",
"CVE-2023-50230",
"CVE-2023-50229"
],
"summary": "Moderate: bluez security update"
}
cve-2023-45866
Vulnerability from osv_almalinux
The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (AlmaLinux), and pcmcia configuration files.
Security Fix(es):
- bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution (CVE-2023-45866)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bluez"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.63-3.el8_10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bluez-cups"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.63-3.el8_10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bluez-hid2hci"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.63-3.el8_10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bluez-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.63-3.el8_10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bluez-libs-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.63-3.el8_10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bluez-obexd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.63-3.el8_10.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (AlmaLinux), and pcmcia configuration files. \n\nSecurity Fix(es): \n\n * bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution (CVE-2023-45866)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2024:11154",
"modified": "2024-12-18T12:54:00Z",
"published": "2024-12-17T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:11154"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-45866"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2253391"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-11154.html"
}
],
"related": [
"CVE-2023-45866"
],
"summary": "Moderate: bluez security update"
}
CERTFR-2023-AVI-0995
Vulnerability from certfr_avis - Published: 2023-12-05 - Updated: 2023-12-11
Multiple vulnerabilities have been discovered in Google Android. Some of them allow an attacker to cause a security problem not specified by the vendor, remote arbitrary code execution, and a remote denial of service.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Android versions 11 \u00e0 14 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-40090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40090"
},
{
"name": "CVE-2023-21164",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21164"
},
{
"name": "CVE-2023-41111",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41111"
},
{
"name": "CVE-2023-28550",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28550"
},
{
"name": "CVE-2023-48415",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48415"
},
{
"name": "CVE-2023-48405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48405"
},
{
"name": "CVE-2023-28587",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28587"
},
{
"name": "CVE-2023-35668",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35668"
},
{
"name": "CVE-2023-21263",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21263"
},
{
"name": "CVE-2022-48457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48457"
},
{
"name": "CVE-2023-32847",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32847"
},
{
"name": "CVE-2023-48414",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48414"
},
{
"name": "CVE-2023-28580",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28580"
},
{
"name": "CVE-2023-33017",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33017"
},
{
"name": "CVE-2023-40078",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40078"
},
{
"name": "CVE-2023-33063",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33063"
},
{
"name": "CVE-2023-33106",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33106"
},
{
"name": "CVE-2023-33098",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33098"
},
{
"name": "CVE-2023-32851",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32851"
},
{
"name": "CVE-2023-28586",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28586"
},
{
"name": "CVE-2023-28588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28588"
},
{
"name": "CVE-2023-48404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48404"
},
{
"name": "CVE-2023-33081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33081"
},
{
"name": "CVE-2023-21215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21215"
},
{
"name": "CVE-2023-22668",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22668"
},
{
"name": "CVE-2023-33041",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33041"
},
{
"name": "CVE-2023-21402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21402"
},
{
"name": "CVE-2023-28551",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28551"
},
{
"name": "CVE-2023-40095",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40095"
},
{
"name": "CVE-2023-48403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48403"
},
{
"name": "CVE-2023-21664",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21664"
},
{
"name": "CVE-2023-40098",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40098"
},
{
"name": "CVE-2023-21228",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21228"
},
{
"name": "CVE-2023-40077",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40077"
},
{
"name": "CVE-2023-33053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33053"
},
{
"name": "CVE-2023-48410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48410"
},
{
"name": "CVE-2023-48416",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48416"
},
{
"name": "CVE-2022-40507",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40507"
},
{
"name": "CVE-2023-48423",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48423"
},
{
"name": "CVE-2023-40080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40080"
},
{
"name": "CVE-2023-21216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21216"
},
{
"name": "CVE-2023-33089",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33089"
},
{
"name": "CVE-2023-40087",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40087"
},
{
"name": "CVE-2023-28579",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28579"
},
{
"name": "CVE-2023-37366",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37366"
},
{
"name": "CVE-2023-48401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48401"
},
{
"name": "CVE-2023-40075",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40075"
},
{
"name": "CVE-2023-45773",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45773"
},
{
"name": "CVE-2023-48408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48408"
},
{
"name": "CVE-2023-21403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21403"
},
{
"name": "CVE-2023-28585",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28585"
},
{
"name": "CVE-2023-45866",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45866"
},
{
"name": "CVE-2023-33107",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33107"
},
{
"name": "CVE-2023-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21217"
},
{
"name": "CVE-2023-48399",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48399"
},
{
"name": "CVE-2023-48409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48409"
},
{
"name": "CVE-2023-4272",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4272"
},
{
"name": "CVE-2022-48454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48454"
},
{
"name": "CVE-2022-22076",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22076"
},
{
"name": "CVE-2023-21218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21218"
},
{
"name": "CVE-2023-32818",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32818"
},
{
"name": "CVE-2023-48421",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48421"
},
{
"name": "CVE-2023-40081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40081"
},
{
"name": "CVE-2023-33054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33054"
},
{
"name": "CVE-2023-21401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21401"
},
{
"name": "CVE-2023-40082",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40082"
},
{
"name": "CVE-2023-48413",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48413"
},
{
"name": "CVE-2023-40079",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40079"
},
{
"name": "CVE-2023-48420",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48420"
},
{
"name": "CVE-2023-32850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32850"
},
{
"name": "CVE-2023-40103",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40103"
},
{
"name": "CVE-2023-48411",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48411"
},
{
"name": "CVE-2023-45774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45774"
},
{
"name": "CVE-2023-33080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33080"
},
{
"name": "CVE-2023-40089",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40089"
},
{
"name": "CVE-2023-28546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28546"
},
{
"name": "CVE-2023-45781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45781"
},
{
"name": "CVE-2023-40094",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40094"
},
{
"name": "CVE-2023-3889",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3889"
},
{
"name": "CVE-2022-48455",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48455"
},
{
"name": "CVE-2023-40097",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40097"
},
{
"name": "CVE-2022-48459",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48459"
},
{
"name": "CVE-2023-33024",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33024"
},
{
"name": "CVE-2023-28575",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28575"
},
{
"name": "CVE-2023-48412",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48412"
},
{
"name": "CVE-2023-33097",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33097"
},
{
"name": "CVE-2023-21662",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21662"
},
{
"name": "CVE-2023-21394",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21394"
},
{
"name": "CVE-2023-40084",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40084"
},
{
"name": "CVE-2023-33088",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33088"
},
{
"name": "CVE-2023-33018",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33018"
},
{
"name": "CVE-2022-48461",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48461"
},
{
"name": "CVE-2023-21267",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21267"
},
{
"name": "CVE-2023-40092",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40092"
},
{
"name": "CVE-2023-22383",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22383"
},
{
"name": "CVE-2023-40074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40074"
},
{
"name": "CVE-2023-48406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48406"
},
{
"name": "CVE-2023-35690",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35690"
},
{
"name": "CVE-2023-33087",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33087"
},
{
"name": "CVE-2023-21652",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21652"
},
{
"name": "CVE-2023-48422",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48422"
},
{
"name": "CVE-2023-45777",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45777"
},
{
"name": "CVE-2023-33022",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33022"
},
{
"name": "CVE-2022-48458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48458"
},
{
"name": "CVE-2023-21162",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21162"
},
{
"name": "CVE-2023-33092",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33092"
},
{
"name": "CVE-2023-40076",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40076"
},
{
"name": "CVE-2023-40073",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40073"
},
{
"name": "CVE-2023-32848",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32848"
},
{
"name": "CVE-2023-40096",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40096"
},
{
"name": "CVE-2023-45775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45775"
},
{
"name": "CVE-2023-48397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48397"
},
{
"name": "CVE-2023-40088",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40088"
},
{
"name": "CVE-2023-21166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21166"
},
{
"name": "CVE-2023-21227",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21227"
},
{
"name": "CVE-2023-32804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32804"
},
{
"name": "CVE-2023-21163",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21163"
},
{
"name": "CVE-2023-33079",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33079"
},
{
"name": "CVE-2023-45776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45776"
},
{
"name": "CVE-2023-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21634"
},
{
"name": "CVE-2023-45779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45779"
},
{
"name": "CVE-2023-48398",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48398"
},
{
"name": "CVE-2023-40083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40083"
},
{
"name": "CVE-2023-40091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40091"
},
{
"name": "CVE-2023-48402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48402"
},
{
"name": "CVE-2023-48407",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48407"
},
{
"name": "CVE-2022-48456",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48456"
}
],
"initial_release_date": "2023-12-05T00:00:00",
"last_revision_date": "2023-12-11T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0995",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-05T00:00:00.000000"
},
{
"description": "Ajout du bulletin de s\u00e9curit\u00e9 Pixel du 06 d\u00e9cembre 2023.",
"revision_date": "2023-12-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 04 d\u00e9cembre 2023",
"url": "https://source.android.com/docs/security/bulletin/2023-12-01?hl=fr"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Pixel du 06 d\u00e9cembre 2023",
"url": "https://source.android.com/docs/security/bulletin/pixel/2023-12-01?hl=fr"
}
]
}
CERTFR-2023-AVI-1013
Vulnerability from certfr_avis - Published: 2023-12-12 - Updated: 2023-12-12
Multiple vulnerabilities have been discovered in Apple products. Some of them allow an attacker to cause a breach of data confidentiality, remote arbitrary code execution and a security policy bypass.
According to the vendor, vulnerabilities CVE-2023-42916 and CVE-2023-42917 are reportedly being actively exploited in targeted attacks against iOS versions prior to 16.7.1.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Apple | macOS | macOS Monterey versions prior to 12.7.2 |
| Apple | macOS | macOS Sonoma versions prior to 14.2 |
| Apple | macOS | macOS Ventura versions prior to 13.6.3 |
| Apple | N/A | iPadOS 16.x.x versions prior to 16.7.3 |
| Apple | N/A | iPadOS 17.x.x versions prior to 17.2 |
| Apple | N/A | iOS 17.x.x versions prior to 17.2 |
| Apple | N/A | iOS 16.x.x versions prior to 16.7.3 |
| Apple | Safari | Safari versions prior to 17.2 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Monterey versions ant\u00e9rieures \u00e0 12.7.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.6.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 16.x.x ant\u00e9rieures \u00e0 16.7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 17.x.x ant\u00e9rieures \u00e0 17.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 17.x.x ant\u00e9rieures \u00e0 17.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 16.x.x ant\u00e9rieures \u00e0 16.7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 17.2",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-42904",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42904"
},
{
"name": "CVE-2023-42884",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42884"
},
{
"name": "CVE-2023-42905",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42905"
},
{
"name": "CVE-2023-42911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42911"
},
{
"name": "CVE-2023-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42916"
},
{
"name": "CVE-2023-42906",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42906"
},
{
"name": "CVE-2023-42919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42919"
},
{
"name": "CVE-2023-42898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42898"
},
{
"name": "CVE-2023-42882",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42882"
},
{
"name": "CVE-2023-42902",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42902"
},
{
"name": "CVE-2020-19190",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19190"
},
{
"name": "CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"name": "CVE-2023-42932",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42932"
},
{
"name": "CVE-2023-42924",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42924"
},
{
"name": "CVE-2020-19187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19187"
},
{
"name": "CVE-2023-42922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42922"
},
{
"name": "CVE-2023-42907",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42907"
},
{
"name": "CVE-2023-42891",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42891"
},
{
"name": "CVE-2023-42894",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42894"
},
{
"name": "CVE-2023-42927",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42927"
},
{
"name": "CVE-2020-19188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19188"
},
{
"name": "CVE-2023-42901",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42901"
},
{
"name": "CVE-2023-42926",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42926"
},
{
"name": "CVE-2020-19186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19186"
},
{
"name": "CVE-2023-42900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42900"
},
{
"name": "CVE-2023-45866",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45866"
},
{
"name": "CVE-2023-42908",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42908"
},
{
"name": "CVE-2023-42903",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42903"
},
{
"name": "CVE-2023-42886",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42886"
},
{
"name": "CVE-2023-42874",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42874"
},
{
"name": "CVE-2023-42897",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42897"
},
{
"name": "CVE-2023-42899",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42899"
},
{
"name": "CVE-2023-42842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42842"
},
{
"name": "CVE-2023-42923",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42923"
},
{
"name": "CVE-2023-42909",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42909"
},
{
"name": "CVE-2023-42910",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42910"
},
{
"name": "CVE-2020-19185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19185"
},
{
"name": "CVE-2023-42914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42914"
},
{
"name": "CVE-2023-42890",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42890"
},
{
"name": "CVE-2020-19189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19189"
},
{
"name": "CVE-2023-42883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42883"
},
{
"name": "CVE-2023-5344",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5344"
},
{
"name": "CVE-2023-42912",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42912"
}
],
"initial_release_date": "2023-12-12T00:00:00",
"last_revision_date": "2023-12-12T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-1013",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une ex\u00e9cution de code arbitraire \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n\nD\u0027apr\u00e8s l\u0027\u00e9diteur, les vuln\u00e9rabilit\u00e9s \u003cspan class=\"mx_EventTile_body\"\ndir=\"auto\"\u003eCVE-2023-42916 et\u00a0CVE-2023-42917 seraient activement\nexploit\u00e9es dans le cadre d\u0027attaques cibl\u00e9es sur des versions d\u0027iOS\nant\u00e9rieures \u00e0 16.7.1.\u003c/span\u003e\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214038 du 11 d\u00e9cembre 2023",
"url": "https://support.apple.com/en-us/HT214038"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214034 du 11 d\u00e9cembre 2023",
"url": "https://support.apple.com/en-us/HT214034"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214036 du 11 d\u00e9cembre 2023",
"url": "https://support.apple.com/en-us/HT214036"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214035 du 11 d\u00e9cembre 2023",
"url": "https://support.apple.com/en-us/HT214035"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214039 du 11 d\u00e9cembre 2023",
"url": "https://support.apple.com/en-us/HT214039"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214037 du 11 d\u00e9cembre 2023",
"url": "https://support.apple.com/en-us/HT214037"
}
]
}
CERTFR-2025-AVI-0855
Vulnerability from certfr_avis - Published: 2025-10-09 - Updated: 2025-10-09
Multiple vulnerabilities have been discovered in Juniper Networks products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and a remote denial of service.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Juniper Networks | Junos OS | Junos OS 24.4 versions prior to 24.4R2 |
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions prior to 22.4R3-S8-EVO |
| Juniper Networks | Junos OS | Junos OS 23.4 versions prior to 23.4R2-S5 |
| Juniper Networks | Junos OS Evolved | Junos OS Evolved 23.2-EVO versions prior to 23.2R2-S4-EVO |
| Juniper Networks | Junos OS | Junos OS versions prior to 22.4R3-S8 |
| Juniper Networks | Junos OS Evolved | Junos OS Evolved 24.2-EVO versions prior to 24.2R2-S2-EVO |
| Juniper Networks | Junos OS Evolved | Junos OS Evolved 24.4-EVO versions prior to 24.4R2-EVO |
| Juniper Networks | Junos Space | Junos Space versions prior to 24.1R4 |
| Juniper Networks | Security Director | Security Director Policy Enforcer versions prior to 23.1R1 Hotpatch v3 |
| Juniper Networks | Junos Space | Junos Space Security Director versions prior to 24.1R4 |
| Juniper Networks | Junos OS Evolved | Junos OS Evolved 23.4-EVO versions prior to 23.4R2-S5-EVO |
| Juniper Networks | Junos OS | Junos OS 23.2 versions prior to 23.2R2-S4 |
| Juniper Networks | Junos OS | Junos OS 24.2 versions prior to 24.2R2-S1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS versions 24.4 ant\u00e9rieures \u00e0 24.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 22.4R3-S8-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R2-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-S4-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 22.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.2-EVO ant\u00e9rieures \u00e0 24.2R2-S2-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.4-EVO ant\u00e9rieures \u00e0 24.4R2-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R4",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Security Director Policy Enforcer versions ant\u00e9rieures \u00e0 23.1R1 Hotpatch v3",
"product": {
"name": "Security Director",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space Security Director versions ant\u00e9rieures \u00e0 24.1R4",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-S5-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.2 ant\u00e9rieures \u00e0 23.2R2-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 24.2 ant\u00e9rieures \u00e0 24.2R2-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24795"
},
{
"name": "CVE-2024-36903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36903"
},
{
"name": "CVE-2023-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44431"
},
{
"name": "CVE-2021-47606",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47606"
},
{
"name": "CVE-2025-59993",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59993"
},
{
"name": "CVE-2025-59997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59997"
},
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2025-59995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59995"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2023-28466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28466"
},
{
"name": "CVE-2024-36921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36921"
},
{
"name": "CVE-2025-59986",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59986"
},
{
"name": "CVE-2025-60009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60009"
},
{
"name": "CVE-2025-59989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59989"
},
{
"name": "CVE-2024-26897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
},
{
"name": "CVE-2023-46103",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46103"
},
{
"name": "CVE-2024-27052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
},
{
"name": "CVE-2023-2235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2235"
},
{
"name": "CVE-2025-59999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59999"
},
{
"name": "CVE-2025-59994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59994"
},
{
"name": "CVE-2024-4076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4076"
},
{
"name": "CVE-2025-59967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59967"
},
{
"name": "CVE-2022-24805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24805"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2023-3390",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
},
{
"name": "CVE-2024-37356",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37356"
},
{
"name": "CVE-2024-47538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47538"
},
{
"name": "CVE-2023-4004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4004"
},
{
"name": "CVE-2024-21823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21823"
},
{
"name": "CVE-2025-59991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59991"
},
{
"name": "CVE-2024-5564",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5564"
},
{
"name": "CVE-2024-26600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26600"
},
{
"name": "CVE-2023-28746",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
},
{
"name": "CVE-2023-52864",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52864"
},
{
"name": "CVE-2025-26600",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26600"
},
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
},
{
"name": "CVE-2024-27280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27280"
},
{
"name": "CVE-2024-36929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36929"
},
{
"name": "CVE-2023-35788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
},
{
"name": "CVE-2025-59982",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59982"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2023-43785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43785"
},
{
"name": "CVE-2024-30205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30205"
},
{
"name": "CVE-2018-17247",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17247"
},
{
"name": "CVE-2025-60004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60004"
},
{
"name": "CVE-2023-51594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51594"
},
{
"name": "CVE-2024-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
},
{
"name": "CVE-2023-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50229"
},
{
"name": "CVE-2025-59974",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59974"
},
{
"name": "CVE-2025-26598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26598"
},
{
"name": "CVE-2018-3824",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3824"
},
{
"name": "CVE-2024-40928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40928"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2024-8508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8508"
},
{
"name": "CVE-2024-36020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36020"
},
{
"name": "CVE-2021-45105",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
},
{
"name": "CVE-2025-59981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59981"
},
{
"name": "CVE-2023-31248",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31248"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2024-30203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30203"
},
{
"name": "CVE-2023-3090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3090"
},
{
"name": "CVE-2024-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35937"
},
{
"name": "CVE-2025-59968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59968"
},
{
"name": "CVE-2023-51592",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51592"
},
{
"name": "CVE-2025-59990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59990"
},
{
"name": "CVE-2021-22146",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22146"
},
{
"name": "CVE-2025-59978",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59978"
},
{
"name": "CVE-2024-25629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
},
{
"name": "CVE-2024-36017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36017"
},
{
"name": "CVE-2024-24806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24806"
},
{
"name": "CVE-2024-27434",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27434"
},
{
"name": "CVE-2023-47038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
},
{
"name": "CVE-2024-35852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
},
{
"name": "CVE-2024-38558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38558"
},
{
"name": "CVE-2025-59992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59992"
},
{
"name": "CVE-2024-35845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
},
{
"name": "CVE-2021-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41072"
},
{
"name": "CVE-2025-60000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60000"
},
{
"name": "CVE-2022-24807",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24807"
},
{
"name": "CVE-2024-47607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47607"
},
{
"name": "CVE-2024-27065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27065"
},
{
"name": "CVE-2024-36005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
},
{
"name": "CVE-2023-45866",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45866"
},
{
"name": "CVE-2023-27349",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27349"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2015-5377",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5377"
},
{
"name": "CVE-2023-48161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
},
{
"name": "CVE-2022-24810",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24810"
},
{
"name": "CVE-2024-33621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33621"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2025-60001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60001"
},
{
"name": "CVE-2024-5742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5742"
},
{
"name": "CVE-2023-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50230"
},
{
"name": "CVE-2025-52960",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52960"
},
{
"name": "CVE-2024-36922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36922"
},
{
"name": "CVE-2025-59996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59996"
},
{
"name": "CVE-2024-39487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
},
{
"name": "CVE-2024-27982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
},
{
"name": "CVE-2023-38575",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38575"
},
{
"name": "CVE-2024-35911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35911"
},
{
"name": "CVE-2025-59957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59957"
},
{
"name": "CVE-2025-59958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59958"
},
{
"name": "CVE-2021-41043",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41043"
},
{
"name": "CVE-2018-17244",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17244"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2025-26597",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26597"
},
{
"name": "CVE-2024-36971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"
},
{
"name": "CVE-2023-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2023-3776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
},
{
"name": "CVE-2024-42934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42934"
},
{
"name": "CVE-2023-51580",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51580"
},
{
"name": "CVE-2024-35848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35848"
},
{
"name": "CVE-2024-27417",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27417"
},
{
"name": "CVE-2023-21102",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21102"
},
{
"name": "CVE-2024-27281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27281"
},
{
"name": "CVE-2025-59983",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59983"
},
{
"name": "CVE-2024-36941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36941"
},
{
"name": "CVE-2024-2236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
},
{
"name": "CVE-2024-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
},
{
"name": "CVE-2024-35969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35969"
},
{
"name": "CVE-2021-45046",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
},
{
"name": "CVE-2025-60006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60006"
},
{
"name": "CVE-2024-36489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36489"
},
{
"name": "CVE-2015-1427",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1427"
},
{
"name": "CVE-2024-38575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38575"
},
{
"name": "CVE-2024-35899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35899"
},
{
"name": "CVE-2024-35823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35823"
},
{
"name": "CVE-2024-40954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
},
{
"name": "CVE-2024-9632",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9632"
},
{
"name": "CVE-2023-38408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
},
{
"name": "CVE-2025-26595",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26595"
},
{
"name": "CVE-2024-26868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26868"
},
{
"name": "CVE-2023-43787",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43787"
},
{
"name": "CVE-2023-43786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43786"
},
{
"name": "CVE-2024-8235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8235"
},
{
"name": "CVE-2023-4147",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4147"
},
{
"name": "CVE-2025-59977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59977"
},
{
"name": "CVE-2023-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
},
{
"name": "CVE-2023-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3610"
},
{
"name": "CVE-2025-26596",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26596"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2022-48622",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48622"
},
{
"name": "CVE-2021-42550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42550"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2024-26828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26828"
},
{
"name": "CVE-2025-59998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59998"
},
{
"name": "CVE-2024-26808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26808"
},
{
"name": "CVE-2024-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30204"
},
{
"name": "CVE-2025-60002",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60002"
},
{
"name": "CVE-2023-35001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
},
{
"name": "CVE-2024-27282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27282"
},
{
"name": "CVE-2018-3831",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3831"
},
{
"name": "CVE-2023-43490",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43490"
},
{
"name": "CVE-2025-59976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59976"
},
{
"name": "CVE-2025-59980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59980"
},
{
"name": "CVE-2025-26599",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26599"
},
{
"name": "CVE-2024-47615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47615"
},
{
"name": "CVE-2018-3823",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3823"
},
{
"name": "CVE-2023-22655",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22655"
},
{
"name": "CVE-2024-6126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6126"
},
{
"name": "CVE-2023-4911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
},
{
"name": "CVE-2023-39368",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39368"
},
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2024-26853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26853"
},
{
"name": "CVE-2025-59975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59975"
},
{
"name": "CVE-2025-0624",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0624"
},
{
"name": "CVE-2025-59987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59987"
},
{
"name": "CVE-2024-40958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
},
{
"name": "CVE-2018-3826",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3826"
},
{
"name": "CVE-2025-26601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26601"
},
{
"name": "CVE-2024-52337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52337"
},
{
"name": "CVE-2025-59985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59985"
},
{
"name": "CVE-2025-11198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11198"
},
{
"name": "CVE-2022-24806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24806"
},
{
"name": "CVE-2023-32233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32233"
},
{
"name": "CVE-2024-35789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
},
{
"name": "CVE-2024-26327",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26327"
},
{
"name": "CVE-2015-3253",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3253"
},
{
"name": "CVE-2025-59964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59964"
},
{
"name": "CVE-2025-59988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59988"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2024-34397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
},
{
"name": "CVE-2023-45733",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45733"
},
{
"name": "CVE-2021-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40153"
},
{
"name": "CVE-2024-6655",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6655"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2024-27049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27049"
},
{
"name": "CVE-2025-59984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59984"
},
{
"name": "CVE-2025-52961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52961"
},
{
"name": "CVE-2023-51589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51589"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2021-3903",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3903"
},
{
"name": "CVE-2024-35800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35800"
},
{
"name": "CVE-2023-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
},
{
"name": "CVE-2023-51596",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51596"
},
{
"name": "CVE-2025-60010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60010"
},
{
"name": "CVE-2023-51764",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51764"
},
{
"name": "CVE-2025-26594",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26594"
},
{
"name": "CVE-2024-6409",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6409"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
},
{
"name": "CVE-2022-24808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24808"
},
{
"name": "CVE-2025-59962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59962"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2024-40961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40961"
}
],
"initial_release_date": "2025-10-09T00:00:00",
"last_revision_date": "2025-10-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0855",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103140",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Multiple-XSS-vulnerabilities-resolved-in-24-1R4-release"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103141",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R4-release"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103163",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-Multiple-OS-command-injection-vulnerabilities-fixed-CVE-2025-60006"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103168",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Device-allows-login-for-user-with-expired-password-CVE-2025-60010"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103171",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Reflected-client-side-HTTP-parameter-pollution-vulnerability-in-web-interface-CVE-2025-59977"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103167",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-When-a-user-with-the-name-ftp-or-anonymous-is-configured-unauthenticated-filesystem-access-is-allowed-CVE-2025-59980"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103156",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7024X-ACX7100-32C-ACX7100-48L-ACX7348-ACX7509-When-specific-valid-multicast-traffic-is-received-on-the-L3-interface-a-vulnerable-device-evo-pfemand-crashes-and-restarts-CVE-2025-59967"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103437",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Security-Director-Policy-Enforcer-An-unrestricted-API-allows-a-network-based-unauthenticated-attacker-to-deploy-malicious-vSRX-images-to-VMWare-NSX-Server-CVE-2025-11198"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103172",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Flooding-device-with-inbound-API-calls-leads-to-WebUI-and-CLI-management-access-DoS-CVE-2025-59975"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103157",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Juniper-Security-Director-Insufficient-authorization-for-sensitive-resources-in-web-interface-CVE-2025-59968"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103170",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Arbitrary-file-download-vulnerability-in-web-interface-CVE-2025-59976"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103139",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R4"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103151",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-BGP-sharding-enabled-change-in-indirect-next-hop-can-cause-RPD-crash-CVE-2025-59962"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103153",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-SRX4700-When-forwarding-options-sampling-is-enabled-any-traffic-destined-to-the-RE-will-cause-the-forwarding-line-card-to-crash-and-restart-CVE-2025-59964"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103147",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-When-firewall-filter-rejects-traffic-these-packets-are-erroneously-sent-to-the-RE-CVE-2025-59958"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103144",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-except-PTX10003-An-unauthenticated-adjacent-attacker-sending-specific-valid-traffic-can-cause-a-memory-leak-in-cfmman-leading-to-FPC-crash-and-restart-CVE-2025-52961"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103143",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-Receipt-of-specific-SIP-packets-in-a-high-utilization-situation-causes-a-flowd-crash-CVE-2025-52960"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103146",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-EX4600-Series-and-QFX5000-Series-An-attacker-with-physical-access-can-open-a-persistent-backdoor-CVE-2025-59957"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103138",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R4-by-upgrading-Log4j-Java-library-to-2-23-1-and-ElasticSearch-to-6-8-17"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103165",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Specific-BGP-EVPN-update-message-causes-rpd-crash-CVE-2025-60004"
}
]
}
GHSA-QJCJ-XG77-6C32
Vulnerability from github – Published: 2023-12-08 06:30 – Updated: 2025-11-04 21:30
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
{
"affected": [],
"aliases": [
"CVE-2023-45866"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-08T06:15:45Z",
"severity": "HIGH"
},
"details": "Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.",
"id": "GHSA-qjcj-xg77-6c32",
"modified": "2025-11-04T21:30:50Z",
"published": "2023-12-08T06:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45866"
},
{
"type": "WEB",
"url": "https://bluetooth.com"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675"
},
{
"type": "WEB",
"url": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-03"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214035"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214036"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5584"
},
{
"type": "WEB",
"url": "http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Dec/7"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Dec/9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2023-45866
Vulnerability from gsd - Updated: 2023-12-13 01:20
{
"GSD": {
"alias": "CVE-2023-45866",
"id": "GSD-2023-45866"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-45866"
],
"details": "Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.",
"id": "GSD-2023-45866",
"modified": "2023-12-13T01:20:38.380989Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-45866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bluetooth.com",
"refsource": "MISC",
"url": "https://bluetooth.com"
},
{
"name": "http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog",
"refsource": "MISC",
"url": "http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog"
},
{
"name": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866",
"refsource": "MISC",
"url": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866"
},
{
"name": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675"
},
{
"name": "FEDORA-2023-6a3fe615d3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/"
},
{
"name": "FEDORA-2023-26a02512e1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/"
},
{
"name": "https://support.apple.com/kb/HT214036",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT214036"
},
{
"name": "https://support.apple.com/kb/HT214035",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT214035"
},
{
"name": "20231212 APPLE-SA-12-11-2023-4 macOS Sonoma 14.2",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2023/Dec/9"
},
{
"name": "20231212 APPLE-SA-12-11-2023-2 iOS 17.2 and iPadOS 17.2",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2023/Dec/7"
},
{
"name": "[debian-lts-announce] 20231215 [SECURITY] [DLA 3689-1] bluez security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html"
},
{
"name": "DSA-5584",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2023/dsa-5584"
},
{
"name": "GLSA-202401-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202401-03"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "49413FF7-7910-4F74-B106-C3170612CB2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bluproducts:dash:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "025AACE2-2B3F-4ACD-B187-22ED8CDF8BAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:nexus_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25DB8689-116F-49B5-91F5-BCBA8854BD42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B76B2AD-52E2-41D2-82D7-557DC32E064F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel_4a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E49FC5D-ACC7-498F-88E9-293AB276CF63",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel_6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C27C4FD0-E67A-4D54-A00A-BDD59AAABB4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:pixel_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C1347ED-56D0-4AF8-92D8-D4E427B5A1CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:-:*:*:*",
"matchCriteriaId": "652F5027-4436-458C-84FD-7AD89B489BAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:23.10:*:*:*:*:*:*:*",
"matchCriteriaId": "602CE21C-E1A9-4407-A504-CF4E58F596F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "705DA51B-6A6E-422D-9A22-0DB86836EA0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:iphone_se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91A20702-427E-4876-9DEE-E244F39A2E79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:12.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "15DDFC77-1ACB-4092-A1C3-623DE3CC980C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:macbook_air:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "B649B9E4-91D9-4712-8E2A-9246E17D19CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:13.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CECFF66D-DDF3-4492-85BE-79B57E7AAE9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:macbook_pro:m2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1C6A9E0-6DDD-4E64-97B0-47C69A865C0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED754E44-EDCF-4B0F-B662-E4C2687B4920",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00FC779B-E45C-4B34-976F-490C38C22C67",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD",
"versionEndExcluding": "14.2",
"versionStartIncluding": "14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue."
},
{
"lang": "es",
"value": "Bluetooth HID Hosts in BlueZ pueden permitir que un dispositivo HID con funci\u00f3n perif\u00e9rica no autenticada inicie y establezca una conexi\u00f3n cifrada y acepte informes de teclado HID, lo que potencialmente permite la inyecci\u00f3n de mensajes HID cuando no se ha producido ninguna interacci\u00f3n del usuario en la funci\u00f3n central para autorizar dicho acceso. Un ejemplo de paquete afectado es bluez 5.64-0ubuntu1 en Ubuntu 22.04LTS. NOTA: en algunos casos, una mitigaci\u00f3n CVE-2020-0556 ya habr\u00eda solucionado este problema de hosts HID Bluetooth."
}
],
"id": "CVE-2023-45866",
"lastModified": "2024-01-05T13:15:08.603",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-08T06:15:45.690",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/7"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Dec/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "https://bluetooth.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/skysafe/reblog/tree/main/cve-2023-45866"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202401-03"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT214035"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT214036"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2023/dsa-5584"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
CVE-2023-45866
Vulnerability from fstec - Published: 01.08.2023
{
"CVSS 2.0": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Canonical Ltd., Google Inc, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Fedora Project, Apple Inc., \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb, \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10 (Debian GNU/Linux), 20.04 LTS (Ubuntu), 16.04 ESM (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 12 (Android), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 22.04 LTS (Ubuntu), 12L (Android), 4.7 (Astra Linux Special Edition), 38 (Fedora), 13 (Android), 39 (Fedora), 18.04 ESM (Ubuntu), 23.04 (Ubuntu), 11 (Android), 23.10 (Ubuntu), 14 (Android), \u0434\u043e 5.53 (BlueZ), \u043e\u0442 4.2.2 \u0434\u043e 10 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Android), 13.3.3 (MacOS), 12.6.7 (MacOS), 16.6 (iOS), \u0434\u043e 5.1.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (\u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430), 9.5 (\u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f BlueZ:\nhttps://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675\n\n\u0414\u043b\u044f Android:\nhttps://source.android.com/docs/security/bulletin/2023-12-01?hlru\u0026hl=ru\nhttps://android.googlesource.com/platform/packages/modules/Bluetooth/+/25a7d9aaceea0f7d6cb4ae3da5aa66efb0bc7db8\nhttps://android.googlesource.com/platform/packages/modules/Bluetooth/+/f4e439c22354f0aa868a982bc88bcc9de3bc37f7\nhttps://android.googlesource.com/platform/packages/modules/Bluetooth/+/a99edb35d6c044dbd607a74b88102bf2f36d5ef5\nhttps://android.googlesource.com/platform/packages/modules/Bluetooth/+/9194524a92e0f5859caeab1ff487d21d9b513d0b\nhttps://android.googlesource.com/platform/packages/modules/Bluetooth/+/5673b3c6bbe8c6c9edb8afb5e9499dc3a41d3943\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-6540-1\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2023-45866\n\n\u0414\u043b\u044f Fedora:\nhttps://bodhi.fedoraproject.org/updates/FEDORA-2023-6a3fe615d3\nhttps://bodhi.fedoraproject.org/updates/FEDORA-2023-26a02512e1\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 bluez \u0434\u043e 5.54-1~bpo10+1+ci202405281355+astra3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f 
\u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430:\nhttps://cve.omp.ru/bb25402\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 bluez \u0434\u043e 5.54-1~bpo10+1+ci202405281355+astra3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\n\n\u0414\u043b\u044f \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430: https://errata.msvsphere-os.ru/definition/9/INFCSA-2024:9413?lang=ru",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "01.08.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.11.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "11.12.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-08562",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-45866",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Ubuntu, Android, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Fedora, BlueZ, MacOS, iOS, \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543), \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Canonical Ltd. Ubuntu 20.04 LTS , Canonical Ltd. Ubuntu 16.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , Google Inc Android 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. 
Ubuntu 22.04 LTS , Google Inc Android 12L , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Fedora Project Fedora 38 , Google Inc Android 13 , Fedora Project Fedora 39 , Canonical Ltd. Ubuntu 18.04 ESM , Canonical Ltd. Ubuntu 23.04 , Google Inc Android 11 , Canonical Ltd. Ubuntu 23.10 , Google Inc Android 14 , Google Inc Android \u043e\u0442 4.2.2 \u0434\u043e 10 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , Apple Inc. MacOS 13.3.3 , Apple Inc. MacOS 12.6.7 , Apple Inc. iOS 16.6 , \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 \u0434\u043e 5.1.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e Mashtab TrustPhone T1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543), \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 \u0434\u043e 5.1.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e Fplus T1100 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 
\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543), \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 \u0434\u043e 5.1.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e Fplus T800 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543), \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430 9.5 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 HID Profile (Human Interface Device) \u0441\u0442\u0435\u043a\u0430 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432 Bluetooth \u0434\u043b\u044f \u041e\u0421 Linux BlueZ, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044f (CWE-285), \u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f (CWE-287)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 HID Profile (Human Interface Device) \u0441\u0442\u0435\u043a\u0430 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432 Bluetooth \u0434\u043b\u044f \u041e\u0421 Linux BlueZ \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438, \u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://3dnews.ru/1097187/ocherednaya-uyazvimost-bluetooth-zatronula-produktsiyu-apple-ustroystva-pod-linux-i-android\nhttps://www.securitylab.ru/news/544385.php\nhttps://source.android.com/docs/security/bulletin/2023-12-01?hlru\u0026hl=ru\nhttp://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog \nhttps://bluetooth.com \nhttps://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675 \nhttps://github.com/skysafe/reblog/tree/main/cve-2023-45866\nhttps://ubuntu.com/security/notices/USN-6540-1\nhttps://access.redhat.com/security/cve/cve-2023-45866\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2253391\nhttps://security-tracker.debian.org/tracker/CVE-2023-45866\nhttps://3dnews.ru/1097187/ocherednaya-uyazvimost-bluetooth-zatronula-produktsiyu-apple-ustroystva-pod-linux-i-android\nhttps://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog\nhttps://bodhi.fedoraproject.org/updates/FEDORA-2023-6a3fe615d3\nhttps://bodhi.fedoraproject.org/updates/FEDORA-2023-26a02512e1\nhttps://android.googlesource.com/platform/packages/modules/Bluetooth/+/25a7d9aaceea0f7d6cb4ae3da5aa66efb0bc7db8\nhttps://android.googlesource.com/platform/packages/modules/Bluetooth/+/f4e439c22354f0aa868a982bc88bcc9de3bc37f7\nhttps://android.googlesource.com/platform/packages/modules/Bluetooth/+/a99edb35d6c044dbd607a74b88102bf2f36d5ef5\nhttps://android.googlesource.com/platform/packages/modules/Bluetooth/+/9194524a92e0f5859caeab1ff487d21d9b513d0b\nhttps://android.googlesource.com/platform/packages/modules/Bluetooth/+/5673b3c6bbe8c6c9edb8afb5e9499dc3a41d3943\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\nhttps://cve.omp.ru/bb25402\nhttps://media.defense.gov/2024/Oct/09/2003562611/-1/-1/0/CSA-UPDATE-ON-SVR-CYBER-OPS.PDF\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\nhttps://errata.msvsphere-os.ru/definition/9/INFCSA-2024:9413?lang=ru",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-285, CWE-287",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,3)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.