CVE-2026-5768

The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities,...

CVE-2026-5768

The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities,...

CVE-2026-5768

CVE-2026-5768 concerns the Frontier X2 device and Frontier X mobile app, where unauthenticated BLE read/write access to critical GATT characteristics enables attackers within BLE range to control device functions, trigger vibrations, cause DoS, and forge health telemetry by impersonating devices ...

CVE-2026-5768 Fourth Frontier Frontier X Mobile Application, Frontier X2 Missing Authentication for Critical Function

The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities,...

Astra Linux - уязвимость в bluez

A issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free condition can occur when a client disconnects during D-Bus processing of a WriteValue call...

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15

BlueZ HID over GATT Profile: Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected BlueZ installations. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...

Astra Linux - уязвимость в bluez

The clifeatreadcb function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading...

CLSA-2026-1777541445 bluez: Fix of 3 CVEs

CVE-2022-0204: fix heap overflow when appending prepare writes in gatt-server - CVE-2022-39176: fix not checking paramslen in AVRCP vendordep PDU handling - CVE-2022-39177: fix accepting invalid/malformed capabilities in AVDTP...

EUVD-2026-8870

Golioth Pouch version 0.1.0 prior to INSERT FIXED VERSION, fixed in commit 1b2219a1, contain a heap-based buffer overflow in BLE GATT server certificate handling. servercertwrite allocates a heap buffer of size CONFIGPOUCHSERVERCERTMAXLEN when receiving the first fragment, then appends subsequent...

CVE-2026-23750

Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. servercertwrite allocates a heap buffer of size CONFIGPOUCHSERVERCERTMAXLEN when receiving the first fragment, then appends subsequent fragments using memcpy witho...

CVE-2026-23750

Golioth Pouch 0.1.0 (prior to the fixed version) is affected by a heap-based buffer overflow in the BLE GATT server certificate handling. In server_cert_write(), a heap buffer of CONFIG_POUCH_SERVER_CERT_MAX_LEN is allocated for the first fragment, and subsequent fragments are appended via memcpy...

PT-2026-22169

Name of the Vulnerable Software and Affected Versions Golioth Pouch versions prior to commit 1b2219a1 Description The software contains a heap-based buffer overflow in BLE GATT server certificate handling. The server cert write function allocates a heap buffer of size CONFIG POUCH SERVER CERT MAX...

pouch 安全漏洞

Pouch is a non-IP protocol developed by Golioth. Version 0.1.0 of Pouch contains a security vulnerability. This vulnerability stems from a heap-based buffer overflow issue during the processing of BLE GATT server certificates, which could lead to heap overflow and system crashes...

PT-2026-6299

Name of the Vulnerable Software and Affected Versions Espressif Internet of Things IOT Development Framework versions 5.1.6 through 5.5.2 Description The Espressif Internet of Things IOT Development Framework contains a use-after-free issue in the BLE provisioning transport protocomm ble layer...

CVE-2023-43512

Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer...

CVE-2024-2104

Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable...

CVE-2024-2104

Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable...

CVE-2024-2104 JBL: Improper BLE security configurations and lack of authentication on the device's GATT server

Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable...

CVE-2024-2104 JBL: Improper BLE security configurations and lack of authentication on the device's GATT server

Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable...

NewStart CGSL MAIN 7.02 : kernel-modules-sub Multiple Vulnerabilities (NS-SA-2025-0250)

The remote NewStart CGSL host, running version MAIN 7.02, has kernel-modules-sub packages installed that are affected by multiple vulnerabilities: - BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to...