39 matches found

Snyk
added 6 days ago | 3 views

Missing Authorization

Overview: @openclaw/discord is an OpenClaw Discord channel plugin. Affected versions of this package are vulnerable to Missing Authorization through the registerPairCommand and resolvePairingCommandAuthState paths in the device-pair command handler. An attacker can generate pairing setup codes,...

CVSS 8.7 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 2

Snyk
added 2026/03/31 11:50 p.m. | 0 views

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization in the /pair approve process. An attacker can gain unauthorized approval of device pairing requests with elevated privileges by submitting a device pairing request...

CVSS 9.9 | AI score 5.9 | EPSS 0.00018
Exploits: 0 | References: 2

GithubExploit
added 2026/01/29 1:59 a.m. | 142 views

Exploit for CVE-2025-36911

🚀 wpair-app - A Tool to Understand Bluetooth Security 🎉 Ov...

CVSS 7.1 | AI score 5.9 | EPSS 0.00007
Exploits: 14

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 8 : bluez-5.50-3.el8 (AXSA:2020-298:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-298:02 advisory. bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices CVE-2018-10910 Tenable has...

CVSS 4.5 | AI score 5.6 | EPSS 0.00057
Exploits: 1 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 7 : bluez-5.44-6.el7 (AXSA:2020-4538:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-4538:01 advisory. bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices CVE-2018-10910 Tenable has...

CVSS 4.5 | AI score 5.6 | EPSS 0.00057
Exploits: 1 | References: 2

Hacker One
added 2026/01/17 11:59 a.m. | 17 views

Sony: Improper State Validation on Sony WH-CH520 via BLE Command Service leads to unauthorized Bluetooth pairing and audio hijacking

A vulnerability was discovered in the firmware of the Sony WH-CH520 headset. The vulnerability allowed an unauthenticated write to a proprietary Sony command service via Bluetooth Low Energy BLE, causing the device to become discoverable and accept a standard Bluetooth Security Manager Protocol S...

CVSS 7.1 | AI score 5.5 | EPSS 0.00007
Exploits: 14

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2006-6879

Malware in sbrugna...

CVSS 5.4 | AI score 6.4 | EPSS 0.00393
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2018-2966

Malware in sbrugna...

CVSS 4.5 | AI score 4.6 | EPSS 0.00057
Exploits: 1 | References: 9

Tenable Nessus
added 2025/08/18 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2018-10910

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead t...

CVSS 4.5 | AI score 5.5 | EPSS 0.00057
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/22 9:30 p.m. | 2 views

CVE-2021-21367

Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version 2.3.5 has an incorrect authorization vulnerability. When the Bluetooth plug is running in discoverable mode, Bluetooth service requests and pairing requests are automatically accepted, allowing physically...

CVSS 8.1 | AI score 6.9 | EPSS 0.00144
Exploits: 0 | References: 1

NVD
added 2024/11/15 4:15 p.m. | 6 views

CVE-2022-20793

A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device. This vulnerability is due to insufficient identity verification...

CVSS 6.8 | EPSS 0.00109
Exploits: 0 | References: 1

CVE
added 2024/07/09 3:38 p.m. | 33 views

CVE-2023-40356

Affected software: PingOne MFA Integration Kit. Vulnerability: a flaw in the MFA setup prompt could allow pairing a new MFA device with a target user without requiring second‑factor authentication from the user’s existing devices. Root cause / trigger (as stated): may be exploited by a threat act...

CVSS 8.7 | AI score 6.6 | EPSS 0.00208
Exploits: 0 | References: 1

NVD
added 2023/10/25 6:17 p.m. | 7 views

CVE-2023-39231

PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's...

CVSS 7.3 | AI score 7.2 | EPSS 0.00145
Exploits: 0 | References: 2

Tenable Nessus
added 2023/09/07 12:0 a.m. | 17 views

Oracle Linux 8 : bluez (ELSA-2020-1912)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1912 advisory. 5.50-3 + bluez-5.50-3 - Bump the version 5.50-2 + bluez-5.50-2 - Fixing CVE-2018-10910 1606373 Tenable has extracted the preceding description block directly fr...

CVSS 4.5 | AI score 5.6 | EPSS 0.00057
Exploits: 1 | References: 2

SUSE CVE
added 2023/02/15 4:27 a.m. | 2 views

SUSE CVE-2018-10910

A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable...

CVSS 3.3 | AI score 6.8 | EPSS 0.00057
Exploits: 1 | References: 3

Positive Technologies
added 2022/08/11 12:0 a.m. | 1 views

PT-2022-14480 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a logic error in the Bluetooth code, allowing a display-only device to be paired without PIN confirmation. This could lead to local escalation of privilege with no additional...

CVSS 3.3 | AI score 4.3 | EPSS 0.00018
Exploits: 0 | References: 3

Prion
added 2022/05/10 9:15 p.m. | 18 views

Design/Logic Flaw

In CarSettings, there is a possible way to pair a BT device bypassing the user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10...

CVSS 7.2 | AI score 7.6 | EPSS 0.00012
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2021/11/01 12:0 a.m. | 44 views

ASB-A-180745296

In Android TV, there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 10 | AI score 9.4 | EPSS 0.02934
Exploits: 0 | References: 1

Tenable Nessus
added 2021/03/10 12:0 a.m. | 27 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : bluez Multiple Vulnerabilities (NS-SA-2021-0038)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has bluez packages installed that are affected by multiple vulnerabilities: - A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation...

CVSS 7.1 | AI score 5.6 | EPSS 0.00161
Exploits: 1 | References: 3

Tenable Nessus
added 2021/02/01 12:0 a.m. | 41 views

CentOS 8 : bluez (CESA-2020:1912)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:1912 advisory. - bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices CVE-2018-10910 Note that Ness...

CVSS 4.5 | AI score 5.6 | EPSS 0.00057
Exploits: 1 | References: 2