Lucene search
K

17996 matches found

BDU FSTEC
BDU FSTEC
added yesterday8 views

The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems allows a hacker to cause a service failure.

The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems is related to incorrect resource management. Exploiting this vulnerability can allow an attacker to cause service failures...

5.5CVSS6AI score0.00127EPSS
Exploits0References6Affected Software4
BDU FSTEC
BDU FSTEC
added yesterday15 views

The vulnerabilities in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel allow a hacker to cause a service failure.

The vulnerability in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...

7CVSS6.1AI score0.0013EPSS
Exploits0References5Affected Software2
NVD
NVD
added yesterday4 views

CVE-2026-22099

The charging station does not require authentication for Bluetooth commands to perform actions. The functionality exposed includes sensitive information leakage, triggering reboots, or pushing a firmware update URL...

8.7CVSS0.00247EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-22099

CVE-2026-22099 affects a charging station where Bluetooth commands do not require authentication. This leads to exposure of sensitive information, potential reboot triggering, and the ability to push a firmware update URL via Bluetooth. The issue is described with high impact on confidentiality, ...

8.7CVSS6.1AI score0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-22099 Missing authentication for Bluetooth communication

The charging station does not require authentication for Bluetooth commands to perform actions. The functionality exposed includes sensitive information leakage, triggering reboots, or pushing a firmware update URL...

8.7CVSS0.00247EPSS
Exploits0References1
NVD
NVD
added 3 days ago7 views

CVE-2026-10660

The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bapbroadcastassistant.c reassembled remote Broadcast Receive State data into a single file-static netbufsimple attbuf, BTATTMAXATTRIBUTELEN = 512 bytes shared by all connection instances, while the BUSY flag, long-read...

6.4CVSS0.00159EPSS
Exploits0References2
CVE
CVE
added 3 days ago15 views

CVE-2026-10660

The CVE-2026-10660 issue affects the Zephyr Bluetooth BAP Broadcast Assistant GATT client (subsys/bluetooth/audio/bap_broadcast_assistant.c). A single static net_buf_simple buffer (att_buf, BT_ATT_MAX_ATTRIBUTE_LEN = 512) is shared across all connections; per-connection state (BUSY flag, long-rea...

6.4CVSS6.2AI score0.00159EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-10660 Shared reassembly buffer in Bluetooth BAP Broadcast Assistant enables cross-connection memory corruption

The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bapbroadcastassistant.c reassembled remote Broadcast Receive State data into a single file-static netbufsimple attbuf, BTATTMAXATTRIBUTELEN = 512 bytes shared by all connection instances, while the BUSY flag, long-read...

6.4CVSS0.00159EPSS
Exploits0References2
OSV
OSV
added 3 days ago2 views

CVE-2026-10660 Shared reassembly buffer in Bluetooth BAP Broadcast Assistant enables cross-connection memory corruption

The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bapbroadcastassistant.c reassembled remote Broadcast Receive State data into a single file-static netbufsimple attbuf, BTATTMAXATTRIBUTELEN = 512 bytes shared by all connection instances, while the BUSY flag, long-read...

6.4CVSS6.2AI score0.00159EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 6 days ago5 views

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS6.4AI score0.00757EPSS
Exploits1References11
RedHat Linux
RedHat Linux
added 6 days ago4 views

kernel: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by scosocktimeout When the sco connection is established and then, the sco socket is releasing, timeoutwork will be scheduled to judge whether the sco disconnection is timeout. The sock...

7.8CVSS6.3AI score0.00757EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 6 days ago4 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS5.9AI score0.003EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 6 days ago3 views

kernel: Bluetooth: SCO: Fix UAF on sco_sock_timeout

A use-after-free vulnerability was found in the Linux kernel's Bluetooth SCO. When scosocktimeout is called, conn-sk may be unlinked/freed while waiting for scoconnlock. This checks if the conn-sk is still valid by checking if it is part of scosklist, leading to a loss of availability and system...

7.8CVSS5.9AI score0.0023EPSS
Exploits0References5
NVD
NVD
added last week8 views

CVE-2026-37271

Fire-Boltt Smartwatch FB BGS001 Firmware: MOY-JS14-2.0.4 is vulnerable to Improper Authentication, The device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under specific conditions, previously captured BLE packets can be replayed from a nearb...

9.8CVSS0.00373EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/07 5:55 a.m.13 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS6.3AI score0.00353EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/07 5:55 a.m.3 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS6.2AI score0.003EPSS
Exploits0References5
CVE
CVE
added 2026/07/07 12:0 a.m.10 views

CVE-2026-37271

CVE-2026-37271 affects Fire-Boltt Smartwatch FB BGS001 (Firmware MOY-JS14-2.0.4). The issue is improper authentication: the device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under certain conditions, previously captured BLE packets can be r...

9.8CVSS6AI score0.00373EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.5 views

PT-2026-56281

Name of the Vulnerable Software and Affected Versions Fire-Boltt Smartwatch FB BGS001 version MOY-JS14-2.0.4 Description Improper authentication allows the device to accept GATT Write Request commands without sufficient authentication or strong session validation. This enables a nearby device to...

9.8CVSS6.1AI score0.00373EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/07 12:0 a.m.25 views

CVE-2026-37271

Fire-Boltt Smartwatch FB BGS001 Firmware: MOY-JS14-2.0.4 is vulnerable to Improper Authentication, The device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under specific conditions, previously captured BLE packets can be replayed from a nearb...

0.00373EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/06 2:33 p.m.7 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS6.2AI score0.003EPSS
Exploits0References5
Rows per page
Query Builder