175 matches found
CVE-2026-5768
The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities,...
CVE-2026-5768
The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities,...
CVE-2026-5768
CVE-2026-5768 concerns the Frontier X2 device and Frontier X mobile app, where unauthenticated BLE read/write access to critical GATT characteristics enables attackers within BLE range to control device functions, trigger vibrations, cause DoS, and forge health telemetry by impersonating devices ...
CVE-2026-5768 Fourth Frontier Frontier X Mobile Application, Frontier X2 Missing Authentication for Critical Function
The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities,...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: scsi: sd: A “off-by-one” error has been fixed in sdreadBlockcharacteristics. If the device returns page 0xb1 with a length of 8 this occurs with QEMU v2.x, for example, sdReadBlockCharacteristics may attempt an out-of-bounds...
ROS-20260513-73-0019
Vulnerability in lxd due to insufficient control over modification of dynamically defined object characteristics. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
CVE-2026-3561
Philips Hue Bridge hkhap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerabilit...
Everyday tools, extraordinary crimes: the ransomware exfiltration playbook
Data exfiltration activity increasingly leverages legitimate native utilities, commonly deployed third-party tools, and cloud service clients, reducing the effectiveness of static indicators of compromise IOCs and tool-based blocking strategies. The Exfiltration Framework systematically normalize...
EUVD-2026-12162
Philips Hue Bridge hkhap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerabilit...
CVE-2026-3561
Philips Hue Bridge hkhap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerabilit...
Philips Hue Bridge 安全漏洞
The Philips Hue Bridge is a smart lighting gateway device developed by the Japanese company Philips Hue. There is a security vulnerability in the Philips Hue Bridge, which stems from the lack of verification of the user data length when processing PUT requests for the characteristics endpoint. Th...
CVE-2026-3561 Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability
Philips Hue Bridge hkhap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerabilit...
CVE-2026-3561
Philips Hue Bridge hkhap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerabilit...
CVE-2026-3561
CVE-2026-3561 affects Philips Hue Bridge hk_hap characteristics. A heap-based buffer overflow in the handling of PUT requests to the characteristics endpoint allows remote code execution. The flaw stems from insufficient validation of user-supplied data length before copying into a heap buffer, e...
CVE-2026-3561 Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability
Philips Hue Bridge hkhap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerabilit...
(Pwn2Own) Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of...
Linux Distros Unpatched Vulnerability : CVE-2008-3134
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service crash, infinite loop, or memory...
ROS-20250703-10
Vulnerability of the Drupal CMS kernel is related to insufficient control over modification of dynamically defined object characteristics. of dynamically defined object characteristics. Exploitation of the vulnerability could allow an attacker, acting remotely. remotely, to execute arbitrary code...
CVE-2025-32879
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It starts advertising if no device is connected via Bluetooth. This allows an attacker to connect with the device via BLE if no other device is connected. While connected, none of the BLE services and characteristics of the device...
CVE-2025-22874
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon...