How severe is CVE-2019-8921?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2019-8921?

This is classified as CWE-345, which is a common weakness in software security.

CVE-2019-8921

MEDIUM Year: 2019

CVSS v3 Score

6.5

Medium

CVSS v2 Score

3.3

Low

Weakness Type

CWE-345

View all →

Vulnerability Description

An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same.

CVE-2019-17228

MEDIUM

CVSS:6.5(Medium)

includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress allows unauthenticated options changes.

CWE-3452019

CVE-2019-5587

MEDIUM

CVSS:6.5(Medium)

Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassemblin...

CWE-3452019

CVE-2020-10137

MEDIUM

CVSS:6.5(Medium)

Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE...

CWE-3452020

CVE-2020-9230

MEDIUM

CVSS:6.5(Medium)

WS5800-10 version 10.0.3.25 has a denial of service vulnerability. Due to improper verification of specific message, an attacker may exploit this vulnerability to cause specific function to become abn...

CWE-3452020

CVE-2021-22339

MEDIUM

CVSS:6.5(Medium)

There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios, due to the insufficient verification of the parameter, an attacker may craft some specific parameter. S...

CWE-3452021

CVE-2021-23998

MEDIUM

CVSS:6.5(Medium)

Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Fire...

CWE-3452021

CVE-2019-8921

Vulnerability Description

Related Vulnerabilities

CVE-2019-17228

CVE-2019-5587

CVE-2020-10137

CVE-2020-9230

CVE-2021-22339

CVE-2021-23998