Lucene search
+L

266 matches found

OSV
OSV
added 2026/01/10 9:46 a.m.7 views

CVE-2025-53470 Apache Mynewt NimBLE: Out-of-Bounds Write Vulnerability in NimBLE HCI H4 driver

Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This issue affects Apache NimBLE: through 1.8. This issue requires a broken or bogus Bluetooth controller and thus severity is considered low. Users are...

3.1CVSS6AI score0.0033EPSS
Exploits0References5
EUVD
EUVD
added 2026/01/10 9:45 a.m.6 views

EUVD-2026-1853

NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low. This issue...

6.6AI score0.00696EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/10 9:45 a.m.29 views

CVE-2025-53477 Apache Mynewt NimBLE: NULL Pointer Dereference in NimBLE host HCI layer

NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low. This issue...

0.00696EPSS
Exploits0References3
CVE
CVE
added 2026/01/10 9:45 a.m.19 views

CVE-2025-53477

CVE-2025-53477 is a NULL pointer dereference vulnerability in Apache NimBLE (NimBLE host HCI layer). The issue stems from missing validation of HCI connection complete or HCI command TX buffers, which can lead to a NULL pointer dereference when combined with disabled asserts and a malfunctioning ...

7.5CVSS6.8AI score0.00696EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/10 9:45 a.m.6 views

CVE-2025-53477 Apache Mynewt NimBLE: NULL Pointer Dereference in NimBLE host HCI layer

NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low. This issue...

6.8AI score0.00696EPSS
Exploits0References3
OSV
OSV
added 2026/01/10 9:45 a.m.6 views

CVE-2025-53477 Apache Mynewt NimBLE: NULL Pointer Dereference in NimBLE host HCI layer

NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low. This issue...

7.5CVSS6.1AI score0.00696EPSS
Exploits0References6
EUVD
EUVD
added 2026/01/10 9:42 a.m.6 views

EUVD-2026-1851

Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issu...

6.4AI score0.00371EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/10 9:42 a.m.27 views

CVE-2025-62235 Apache Mynewt NimBLE: Incorrect handling of SMP Security Request could lead to undesirable pairing

Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issu...

0.00371EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/10 9:42 a.m.3 views

CVE-2025-62235 Apache Mynewt NimBLE: Incorrect handling of SMP Security Request could lead to undesirable pairing

Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issu...

6.6AI score0.00371EPSS
Exploits0References2
CVE
CVE
added 2026/01/10 9:42 a.m.37 views

CVE-2025-62235

CVE-2025-62235 : Authentication bypass by spoofing in Apache NimBLE allows an attacker to remove the original Bond and re-bind with an impostor via a specially crafted Security Request. Affected software: Apache NimBLE up to version 1.8.0; impact includes potential compromise of pairing/authentic...

8.1CVSS6.6AI score0.00371EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/01/10 9:42 a.m.6 views

CVE-2025-62235 Apache Mynewt NimBLE: Incorrect handling of SMP Security Request could lead to undesirable pairing

Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issu...

8.1CVSS5.9AI score0.00371EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/10 12:0 a.m.13 views

PT-2026-1815

Name of the Vulnerable Software and Affected Versions Apache NimBLE versions through 1.8 Description An out-of-bounds read issue exists in the Apache NimBLE HCI H4 driver. A specially crafted HCI event can cause an invalid memory read within the H4 driver. The issue is considered low severity as ...

3.1CVSS6.5AI score0.0033EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.5 views

Apache NimBLE 安全漏洞

Apache NimBLE is an open source Bluetooth 5.4 stack host and controller from the Apache Foundation, USA, that completely replaces the proprietary SoftDevice on Nordic chipsets.It is part of the Apache Mynewt project. A security vulnerability exists in Apache NimBLE versions 1.8.0 and earlier, whi...

7.5CVSS6.5AI score0.00207EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.12 views

Apache NimBLE 缓冲区错误漏洞

Apache NimBLE is an open source Bluetooth 5.4 stack host and controller from the Apache Foundation, USA, that completely replaces the proprietary SoftDevice on Nordic chipsets.It is part of the Apache Mynewt project. A buffer error vulnerability exists in Apache NimBLE 1.8 and earlier versions,...

3.1CVSS6.7AI score0.0033EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.5 views

Apache NimBLE 代码问题漏洞

Apache NimBLE is an open source Bluetooth 5.4 stack host and controller from the Apache Foundation, USA, that completely replaces the proprietary SoftDevice on Nordic chipsets.It is part of the Apache Mynewt project. A code issue vulnerability exists in Apache NimBLE 1.8.0 and earlier versions,...

7.5CVSS6.9AI score0.00696EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/10 12:0 a.m.7 views

PT-2026-1816

Name of the Vulnerable Software and Affected Versions Apache NimBLE versions through 1.8.0 Description A flaw exists in Apache NimBLE where missing validation of an HCI connection complete or HCI command TX buffer can result in a NULL pointer dereference. This issue requires disabled asserts and ...

7.5CVSS6.7AI score0.00696EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.5 views

Apache NimBLE 安全漏洞

Apache NimBLE is an open source Bluetooth 5.4 stack host and controller from the Apache Foundation, USA, that completely replaces the proprietary SoftDevice on Nordic chipsets.It is part of the Apache Mynewt project. A security vulnerability exists in Apache NimBLE versions 1.8.0 and earlier, whi...

8.1CVSS6.5AI score0.00371EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 10:55 a.m.9 views

CVE-2022-23703

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates...

7.5CVSS7AI score0.00767EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.8 views

CVE-2022-0314

The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.5AI score0.00788EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:10 a.m.8 views

CVE-2019-11996

Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a...

10CVSS7.5AI score0.01464EPSS
Exploits0References1
Rows per page
Query Builder