ASB-A-446114623

In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Zero Motorcycles firmware 安全漏洞

Zero Motorcycles firmware is a control software for electric motorcycles developed by the American company Zero. Versions of Zero Motorcycles firmware prior to version 44 contained security vulnerabilities. These vulnerabilities stemmed from a flaw that allowed attackers to force device pairing v...

CVE-2025-11942

A flaw has been found in 70mai X200 up to 20251010. Affected is an unknown function of the component Pairing. Executing manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early abo...

CVE-2025-11942

A flaw has been found in 70mai X200 up to 20251010. Affected is an unknown function of the component Pairing. Executing manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early abo...

CVE-2025-11942

CVE-2025-11942 affects 70mai X200 (up to 20251010). The vulnerability involves an unknown function in the Pairing component where manipulation can bypass authentication, enabling remote exploitation. Public exploit details exist and have been published; the vendor was contacted but did not respon...

CVE-2025-11942 70mai X200 Pairing missing authentication

A flaw has been found in 70mai X200 up to 20251010. Affected is an unknown function of the component Pairing. Executing manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early abo...

EUVD-2016-4773

Malware in sbrugna...

CVE-2025-44557

A state machine transition flaw in the Bluetooth Low Energy BLE stack of Cypress PSoC4 v3.66 allows attackers to bypass the pairing process and authentication via a crafted pairingfailed packet...

Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005583 fixes several issues. The following security issues were fixed: CVE-2024-8805: Bluetooth: hcievent: Align BR/EDR JUSTWORKS paring with LE bsc1240840. CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in applyconstrainttosize bsc1233294...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Apr-2025 Release 1, which stems from mishandling of an exception condition that allows a loc...

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices SMR Jul-2024 Release 1 prior to version 1, which stems from an improper authentication issue...

kernel: Bluetooth Forward and Future Secrecy Attacks and Defenses

A flaw was found in Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4. This issue may allow certain man-in-the-middle attacks that force a short key length and might lead to discovery of the encryption key and live...

USN-6742-2 linux-azure, linux-lowlatency, linux-nvidia vulnerabilities

Daniele Antonioli discovered that the Secure Simple Pairing and Secure Connections pairing in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials. A physically proximate attacker placed between two Bluetooth devices could use this to...

UBUNTU-CVE-2020-10135

Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth...

CVE-2019-2225

When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is...

Google Titan Security Key Recalled After Bluetooth Pairing Bug

Google is recalling Bluetooth versions of its Titan Security Key after finding a vulnerability that allows attackers in close proximity to take control of the device. Google’s Titan Security Key, launched in the U.S. market last August, is a USB dongle that offers an added layer of security...