ZDI-23-1903: BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability | allinfosecnews.com

Dec. 21, 2023, 6 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The ZDI has assigned a CVSS rating of 5.4. The following CVEs are assigned: CVE-2023-51580.

attackers audio bluetooth bluez connect cve cves cvss device disclosure exploit information information disclosure information disclosure vulnerability malicious network out-of-bounds profile rating sensitive sensitive information target vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-419: (Pwn2Own) Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability 3 days, 10 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +18

ZDI-24-418: (Pwn2Own) Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability 3 days, 10 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +18

ZDI-24-417: Xiaomi Pro 13 isUrlMatchLevel Permissive List of Allowed Inputs Remote Code Execution Vulnerability 3 days, 10 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-416: Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability 5 days, 10 hours ago | www.zerodayinitiative.com

arbitrary code attackers centreon code +12

ZDI-24-407: X.Org Server ProcRenderAddGlyphs Use-After-Free Local Privilege Escalation Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com

attacker attackers code cve +23

ZDI-24-406: Adobe After Effects AEP File Parsing Use-After-Free Remote Code Execution Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com

adobe adobe after effects aep after effects +18

ZDI-24-405: Lexmark CX331adwe IPP Server Authorization HTTP Header Heap-Based Buffer Overflow Remote Code Execution Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com

arbitrary code attackers authentication authorization +20

ZDI-24-415: (Pwn2Own) Oracle VirtualBox E1000 Uninitialized Memory Information Disclosure Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com

attacker attackers code cves +22

ZDI-24-414: (Pwn2Own) Oracle VirtualBox AHCI Controller Uninitialized Memory Information Disclosure Vulnerability 1 week, 1 day ago | www.zerodayinitiative.com

attacker attackers code controller +22

Lead Security Specialist

@ Fujifilm | Holly Springs, NC, United States

View on infosec-jobs.com

Security Operations Centre Analyst

@ Deliveroo | Hyderabad, India (Main Office)

View on infosec-jobs.com

CISOC Analyst

@ KCB Group | Kenya

View on infosec-jobs.com

Lead Security Engineer – Red Team/Offensive Security

@ FICO | Work from Home, United States

View on infosec-jobs.com

Cloud Security SME

@ Maveris | Washington, District of Columbia, United States - Remote

View on infosec-jobs.com

SOC Analyst (m/w/d)

@ Bausparkasse Schwäbisch Hall | Schwäbisch Hall, DE

View on infosec-jobs.com