Lucene search
K

266 matches found

Nuclei
Nuclei
added yesterday72 views

Nimble Streamer <=3.5.4-9 - Local File Inclusion

Nimble Streamer 3.0.2-2 through 3.5.4-9 is vulnerable to local file inclusion. An attacker can traverse the file system to access files or directories that are outside of the restricted directory on the remote server. id: CVE-2019-11013 info: name: Nimble Streamer =3.5.4-9 - Local File Inclusion...

6.5CVSS6.7AI score0.23978EPSS
Exploits5References5
HPE Security Bulletins
HPE Security Bulletins
added 2026/01/20 12:0 a.m.3 views

HPESBST04995 rev.1 - HPE Alletra 6000, HPE Alletra 5000 and HPE Nimble Storage Array OS, Remote Privilege Elevation

Potential Security Impact: Remote: Increased Privilege SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE Alletra 6000 - prior to 6.1.2.800, 6.1.3 prior to 6.1.3.300 HPE Nimble Storage Hybrid Flash Arrays - prior to 6.1.2.800, 6.1.3 prior to 6.1.3.300 Nimble Storage All Flash...

8.8CVSS7.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.32 views

PT-2026-4329

Name of the Vulnerable Software and Affected Versions HPE Alletra 6000/5000 and Nimble Storage versions prior to 6.1.2.800 HPE Alletra 6000/5000 and Nimble Storage versions prior to 6.1.3.300 Description A privilege escalation flaw exists in HPE Alletra 6000/5000 and Nimble Storage arrays. An...

9CVSS5.3AI score
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/01/13 10:54 p.m.6 views

CVE-2025-52435

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...

7.5CVSS6.9AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.6 views

CVE-2025-53477

NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low. This issue...

7.5CVSS7.2AI score0.00696EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.5 views

CVE-2025-62235

Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issu...

8.1CVSS7AI score0.00371EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.6 views

CVE-2025-53470

Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This issue affects Apache NimBLE: through 1.8. This issue requires a broken or bogus Bluetooth controller and thus severity is considered low. Users are...

3.1CVSS6.8AI score0.0033EPSS
Exploits0References1
NVD
NVD
added 2026/01/10 10:15 a.m.20 views

CVE-2025-53470

Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This issue affects Apache NimBLE: through 1.8. This issue requires a broken or bogus Bluetooth controller and thus severity is considered low. Users are...

3.1CVSS0.0033EPSS
Exploits0References3
NVD
NVD
added 2026/01/10 10:15 a.m.8 views

CVE-2025-52435

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...

7.5CVSS0.00207EPSS
Exploits0References4
NVD
NVD
added 2026/01/10 10:15 a.m.9 views

CVE-2025-53477

NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low. This issue...

7.5CVSS0.00696EPSS
Exploits0References4
NVD
NVD
added 2026/01/10 10:15 a.m.12 views

CVE-2025-62235

Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issu...

8.1CVSS0.00371EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/10 9:47 a.m.6 views

CVE-2025-52435 Apache Mynewt NimBLE: Invalid error handling in pause encryption procedure in NimBLE controller

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...

6.5AI score0.00207EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/10 9:47 a.m.28 views

CVE-2025-52435 Apache Mynewt NimBLE: Invalid error handling in pause encryption procedure in NimBLE controller

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...

0.00207EPSS
Exploits0References3
CVE
CVE
added 2026/01/10 9:47 a.m.20 views

CVE-2025-52435

CVE-2025-52435 affects Apache NimBLE (Mynewt NimBLE) up to version 1.8.0. The issue is caused by improper handling of the Pause Encryption procedure on the Link Layer, which can leave a previously encrypted connection in an unencrypted state and allow an eavesdropper to observe the remainder of t...

7.5CVSS6.5AI score0.00207EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/01/10 9:47 a.m.10 views

EUVD-2026-1854

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...

6.4AI score0.00207EPSS
Exploits0References5
OSV
OSV
added 2026/01/10 9:47 a.m.7 views

CVE-2025-52435 Apache Mynewt NimBLE: Invalid error handling in pause encryption procedure in NimBLE controller

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...

7.5CVSS6AI score0.00207EPSS
Exploits0References6
CVE
CVE
added 2026/01/10 9:46 a.m.18 views

CVE-2025-53470

Summary: CVE-2025-53470 affects Apache NimBLE’s HCI H4 driver. An out-of-bounds read can be triggered by a specially crafted HCI event, leading to an invalid memory read.affected software: Apache NimBLE up to version 1.8 (inclusive); advisory recommends upgrading to version 1.9 which contains the...

3.1CVSS6.4AI score0.0033EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/01/10 9:46 a.m.9 views

EUVD-2026-1849

Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This issue affects Apache NimBLE: through 1.8. This issue requires a broken or bogus Bluetooth controller and thus severity is considered low. Users are...

6.2AI score0.0033EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/10 9:46 a.m.7 views

CVE-2025-53470 Apache Mynewt NimBLE: Out-of-Bounds Write Vulnerability in NimBLE HCI H4 driver

Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This issue affects Apache NimBLE: through 1.8. This issue requires a broken or bogus Bluetooth controller and thus severity is considered low. Users are...

6.4AI score0.0033EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/10 9:46 a.m.28 views

CVE-2025-53470 Apache Mynewt NimBLE: Out-of-Bounds Write Vulnerability in NimBLE HCI H4 driver

Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This issue affects Apache NimBLE: through 1.8. This issue requires a broken or bogus Bluetooth controller and thus severity is considered low. Users are...

0.0033EPSS
Exploits0References2
Rows per page
Query Builder