Lucene search
K

1314 matches found

RedhatCVE
RedhatCVE
added 2026/05/15 11:42 a.m.13 views

CVE-2026-43334

A flaw was found in the Linux kernel's Bluetooth Security Manager Protocol SMP. An attacker could exploit this vulnerability during the Bluetooth pairing process by manipulating authentication requirements. This could lead to the selection of a weaker pairing method than intended, potentially...

8.8CVSS5.8AI score0.00252EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.19 views

SUSE CVE-2026-42584

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with an outbound request by queue.poll once per response, including for 1xx. If the client pipelines GET then HEAD and the server sends 103,...

5.6CVSS5.8AI score0.0075EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/05/13 7:17 p.m.7 views

CVE-2026-42584

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with an outbound request by queue.poll once per response, including for 1xx. If the client pipelines GET then HEAD and the server sends 103,...

9.1CVSS6.9AI score0.0075EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/05/13 3:35 a.m.14 views

SUSE CVE-2026-43334

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response smpcmdpairingreq currently builds the pairing response from the initiator authreq before enforcing the local BTSECURITYHIGH requirement. If th...

8.1CVSS5.7AI score0.00252EPSS
Exploits0References19
EUVD
EUVD
added 2026/05/08 3:31 p.m.13 views

EUVD-2026-28618

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response smpcmdpairingreq currently builds the pairing response from the initiator authreq before enforcing the local BTSECURITYHIGH requirement. If th...

5.8AI score0.00252EPSS
Exploits0References9
NVD
NVD
added 2026/05/08 2:16 p.m.12 views

CVE-2026-43334

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response smpcmdpairingreq currently builds the pairing response from the initiator authreq before enforcing the local BTSECURITYHIGH requirement. If th...

8.8CVSS0.00252EPSS
Exploits0References8
OSV
OSV
added 2026/05/08 2:16 p.m.12 views

UBUNTU-CVE-2026-43334

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response smpcmdpairingreq currently builds the pairing response from the initiator authreq before enforcing the local BTSECURITYHIGH requirement. If th...

8.8CVSS5.7AI score0.00252EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2026/05/08 2:16 p.m.9 views

CVE-2026-43334

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response smpcmdpairingreq currently builds the pairing response from the initiator authreq before enforcing the local BTSECURITYHIGH requirement. If th...

8.8CVSS5.8AI score0.00252EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/05/08 1:31 p.m.44 views

CVE-2026-43334 Bluetooth: SMP: force responder MITM requirements before building the pairing response

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response smpcmdpairingreq currently builds the pairing response from the initiator authreq before enforcing the local BTSECURITYHIGH requirement. If th...

8.8CVSS0.00252EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/08 1:31 p.m.8 views

CVE-2026-43334

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response smpcmdpairingreq currently builds the pairing response from the initiator authreq before enforcing the local BTSECURITYHIGH requirement. If th...

5.8AI score0.00252EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/05/08 1:31 p.m.21 views

CVE-2026-43334

CVE-2026-43334 concerns the Linux kernel Bluetooth SMP pairing flow. The issue arises in smp_cmd_pairing_req() where the pairing response is built from the initiator auth_req before enforcing the local BT_SECURITY_HIGH, allowing the response to omit SMP_AUTH_MITM if the initiator did. Consequentl...

8.8CVSS5.8AI score0.00252EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2026/05/08 1:31 p.m.7 views

CVE-2026-43334

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response smpcmdpairingreq currently builds the pairing response from the initiator authreq before enforcing the local BTSECURITYHIGH requirement. If th...

8.8CVSS5.7AI score0.00252EPSS
Exploits0
CVE
CVE
added 2026/05/08 1:11 p.m.23 views

CVE-2026-43301

CVE-2026-43301 relates to the Linux kernel driver for the wave5 media component. The issue arises when the driver’s remove path unconditionally calls pm_runtime_put_sync(), which can underflow the PM usage count if autosuspend was already activated during probe. This mismatch prevents proper refe...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.11 views

PT-2026-38985

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth Security Manager Protocol SMP where the smp cmd pairing req function builds a pairing response based on the initiator's authentication requirements befor...

8.8CVSS5.8AI score0.00252EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability stems from the smpcmdPairingReq function in the Bluetooth SMP protocol, which constructs a pairing...

8.8CVSS5.8AI score0.00252EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-43334

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: SMP: force responder MITM requirements before building the pairing response smpcmdpairingreq currently builds the pairing response from the initiator...

8.8CVSS5.9AI score0.00252EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/07 8:21 p.m.9 views

CVE-2026-44110

OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms,...

8.8CVSS5.9AI score0.00288EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/06 9:31 p.m.9 views

EUVD-2026-28186

OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms,...

8.8CVSS5.9AI score0.00288EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/06 9:31 p.m.11 views

Duplicate Advisory: OpenClaw: Matrix room control-command authorization no longer trusts DM pairing-store entries

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2gvc-4f3c-2855. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization...

8.8CVSS5.8AI score0.00288EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/05/06 9:19 p.m.13 views

Incorrect Authorization

Overview @openclaw/matrix is an OpenClaw Matrix channel plugin Affected versions of this package are vulnerable to Incorrect Authorization via the DM pairing-store process. An attacker can gain unauthorized access to privileged room control commands by leveraging DM-paired sender IDs to bypass...

8.8CVSS5.8AI score0.00288EPSS
Exploits0References2
Rows per page
Query Builder