Skip to main content

Nimble

8 CVEs product

Monthly

CVE-2025-62235 HIGH PATCH This Week

Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. [CVSS 8.1 HIGH]

Apache Authentication Bypass Nimble
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-53477 HIGH PATCH This Week

NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. [CVSS 7.5 HIGH]

Apache Null Pointer Dereference Nimble
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-52435 HIGH PATCH This Week

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange. [CVSS 7.5 HIGH]

Apache Nimble
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-51569 HIGH PATCH This Week

Out-of-bounds Read vulnerability in Apache NimBLE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Apache Information Disclosure Nimble
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-47250 MEDIUM PATCH This Month

Out-of-bounds Read vulnerability in Apache NimBLE. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required.

Buffer Overflow Apache Information Disclosure Nimble
NVD GitHub
CVSS 3.1
5.0
EPSS
0.7%
CVE-2024-47249 MEDIUM PATCH This Month

Improper Validation of Array Index vulnerability in Apache NimBLE. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required.

Buffer Overflow Apache Nimble
NVD GitHub
CVSS 3.1
5.0
EPSS
0.6%
CVE-2024-47248 MEDIUM PATCH This Month

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Apache Nimble
NVD GitHub
CVSS 3.1
6.3
EPSS
0.7%
CVE-2024-24746 HIGH PATCH This Week

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Denial Of Service Nimble
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. [CVSS 8.1 HIGH]

Apache Authentication Bypass Nimble
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. [CVSS 7.5 HIGH]

Apache Null Pointer Dereference Nimble
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange. [CVSS 7.5 HIGH]

Apache Nimble
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds Read vulnerability in Apache NimBLE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Apache Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Out-of-bounds Read vulnerability in Apache NimBLE. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required.

Buffer Overflow Apache Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Improper Validation of Array Index vulnerability in Apache NimBLE. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required.

Buffer Overflow Apache Nimble
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM PATCH This Month

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Apache Nimble
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Denial Of Service Nimble
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy