122 matches found
EUVD-2020-19993
Malware in sbrugna...
EUVD-2009-0203
Malware in sbrugna...
The vulnerability of the online platform GarminConnect, related to the lack of measures taken to protect the SQL query structure, allows a perpetrator to access protected information.
The vulnerability of the online platform GarminConnect relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability could allow an attacker to access protected information...
CVE-2023-23301
The news MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon...
CVE-2023-23305
The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware...
CVE-2023-23304
The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the Toybox.SensorHistory module without permission. A malicious application could call any functions from the Toybox.SensorHistory module without the user's consent a...
CVE-2022-46081
In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from continued exposure of private personal information. NOTE: this is disputed by the vendor because the LiveTrack API service is not a customer-controlled product...
CVE-2020-27484
Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check for overflow...
CVE-2020-27485
Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check the index...
CVE-2020-27483
Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the offset provided...
CVE-2020-27486
Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the string length...
How Garmin watches reveal your personal data, and what you can do
TL;DR A walk-through of obtaining sensitive data from a Garmin watch using forensic techniques How digital forensics on a Garmin watch helped solve a double murder case A comparison of Garmin's privacy with other brands including Fitbit, Apple, and Samsung Understand the security and privacy...
CVE-2023-23301
The news MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon...
CVE-2023-23304
The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the Toybox.SensorHistory module without permission. A malicious application could call any functions from the Toybox.SensorHistory module without the user's consent a...
CVE-2023-23301
The news MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon...
CVE-2023-23299
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data...
PT-2023-18900 · Garmin · Ciq Api +1
Name of the Vulnerable Software and Affected Versions: GarminOS TVM component in CIQ API versions 1.0.0 through 4.1.7 Description: The issue concerns buffer overflows that occur when loading binary resources. A malicious application could embed specially crafted resources to potentially hijack th...
Connect IQ 输入验证错误漏洞
Connect IQ CIQ is a technology platform and ecosystem from Garmin Switzerland designed to extend and customize the functionality of its smartwatches and health trackers. Connect IQ suffers from a security vulnerability that stems from an unvalidated parameter in an API function that results in an...
Connect IQ 安全漏洞
Connect IQ CIQ is a technology platform and ecosystem from Garmin Switzerland designed to extend and customize the functionality of its smartwatches and health trackers. Connect IQ has a security vulnerability. An attacker exploiting the vulnerability could compromise private or sensitive...
Connect IQ 安全漏洞
Connect IQ CIQ is a technology platform and ecosystem from Garmin Switzerland designed to extend and customize the functionality of its smartwatches and health trackers. Connect IQ has a security vulnerability. An attacker exploiting the vulnerability could compromise sensitive data...