Erik Peterson

Name of the Vulnerable Software and Affected Versions: Windows Bluetooth Service (affected versions not specified) Description: A heap-based buffer overflow issue in the Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 7.0 through 9 **Description** The issue concerns the improper use of crypto in Bluetooth Low Energy (BLE) devices, specifically when a hardcoded Long Term Key (LTK) is used. This could theoretically allow a proximate attacker to remotely inject keystrokes on a paired Android host without requiring user interaction. **Recommendations** For Android versions 7.0 through 9, at the moment, there is no information about a newer version that contains a fix for this vulnerability.