11 matches found
EUVD-2023-12458
Malicious code in bioql PyPI...
CVE-2025-5825 Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability
Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. An attacker must first obtain the...
TencentOS Server 4: bluez (TSSA-2024:0436)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0436 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
PT-2025-31669 · Alpine · Alpine iLX-507
Name of the Vulnerable Software and Affected Versions: Alpine iLX-507 (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected devices. User interaction is required, specifically the target must connect to a malicious Bluetoot...
USN-7222-1 bluez vulnerabilities
Lucas Leong discovered that BlueZ incorrectly handled the Phone Book Access profile. If a user were tricked into connecting to a malicious Bluetooth device, a remote attacker could possibly use this issue to execute arbitrary code...
CVE-2023-51594
BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a...
CVE-2023-51596
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must...
Microsoft Windows Bluetooth AVDTP Protocol Integer Underflow Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must connect a malicious Bluetooth device. The specific flaw exists within the...
CVE-2023-2234
Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host...
Input validation
In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetoo...
PT-2021-4254 · Linux +8 · Linux Kernel +8
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 3.13 and later. Description: A double-free memory corruption flaw was found in the Linux kernel's HCI device initialization subsystem. This issue arises when a user attaches a malicious HCI TTY Bluetooth device. A local...