Security Vulnerabilities - CVEs Published In 2021
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.
CVSS Score
4.3
EPSS Score
0.0
Published
2021-11-12
An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-11-12
A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session.
CVSS Score
7.2
EPSS Score
0.012
Published
2021-11-12
A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.
CVSS Score
4.4
EPSS Score
0.001
Published
2021-11-12
A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to backend Hubble services.
CVSS Score
6.4
EPSS Score
0.001
Published
2021-11-12
An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device.
CVSS Score
6.8
EPSS Score
0.001
Published
2021-11-12
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages.
CVSS Score
4.2
EPSS Score
0.0
Published
2021-11-12
A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same network to perform a denial-of-service attack against the device.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-11-12
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-11-12
Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-11-12