Lucene search
K

122 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-19993

Malware in sbrugna...

9.9CVSS8.9AI score0.02057EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2009-0203

Malware in sbrugna...

9.3CVSS6.4AI score0.02255EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2025/07/22 12:0 a.m.23 views

The vulnerability of the online platform GarminConnect, related to the lack of measures taken to protect the SQL query structure, allows a perpetrator to access protected information.

The vulnerability of the online platform GarminConnect relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability could allow an attacker to access protected information...

6.2CVSS5.6AI score
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 3:17 a.m.4 views

CVE-2023-23301

The news MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon...

9.8CVSS6.9AI score0.01057EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:10 a.m.5 views

CVE-2023-23305

The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware...

9.8CVSS7.2AI score0.01274EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:40 a.m.5 views

CVE-2023-23304

The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the Toybox.SensorHistory module without permission. A malicious application could call any functions from the Toybox.SensorHistory module without the user's consent a...

9.1CVSS6.7AI score0.00612EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:49 a.m.11 views

CVE-2022-46081

In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from continued exposure of private personal information. NOTE: this is disputed by the vendor because the LiveTrack API service is not a customer-controlled product...

7.5CVSS6.9AI score0.00705EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:33 p.m.10 views

CVE-2020-27484

Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check for overflow...

9.9CVSS7.3AI score0.01693EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 5:33 p.m.9 views

CVE-2020-27485

Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check the index...

9.9CVSS6.8AI score0.01625EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:27 p.m.8 views

CVE-2020-27483

Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the offset provided...

9.9CVSS7.3AI score0.02057EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:25 p.m.6 views

CVE-2020-27486

Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the string length...

9.9CVSS7AI score0.01859EPSS
Exploits1
Pen Test Partners Blog
Pen Test Partners Blog
added 2025/01/28 6:59 a.m.19 views

How Garmin watches reveal your personal data, and what you can do

TL;DR A walk-through of obtaining sensitive data from a Garmin watch using forensic techniques How digital forensics on a Garmin watch helped solve a double murder case A comparison of Garmin's privacy with other brands including Fitbit, Apple, and Samsung Understand the security and privacy...

6.5AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2023/05/23 8:15 p.m.4 views

CVE-2023-23301

The news MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon...

9.8CVSS7.2AI score0.01057EPSS
Exploits1References2
OSV
OSV
added 2023/05/23 8:15 p.m.3 views

CVE-2023-23304

The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the Toybox.SensorHistory module without permission. A malicious application could call any functions from the Toybox.SensorHistory module without the user's consent a...

9.1CVSS7.3AI score0.00612EPSS
Exploits1References2
OSV
OSV
added 2023/05/23 8:15 p.m.5 views

CVE-2023-23301

The news MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon...

9.8CVSS7.3AI score0.01057EPSS
Exploits1References1
OSV
OSV
added 2023/05/23 8:15 p.m.3 views

CVE-2023-23299

The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data...

7.5CVSS5.7AI score0.00804EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/05/23 12:0 a.m.4 views

PT-2023-18900 · Garmin · Ciq Api +1

Name of the Vulnerable Software and Affected Versions: GarminOS TVM component in CIQ API versions 1.0.0 through 4.1.7 Description: The issue concerns buffer overflows that occur when loading binary resources. A malicious application could embed specially crafted resources to potentially hijack th...

9.8CVSS9.3AI score0.01274EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/05/23 12:0 a.m.6 views

Connect IQ 输入验证错误漏洞

Connect IQ CIQ is a technology platform and ecosystem from Garmin Switzerland designed to extend and customize the functionality of its smartwatches and health trackers. Connect IQ suffers from a security vulnerability that stems from an unvalidated parameter in an API function that results in an...

9.8CVSS8.4AI score0.01456EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/05/23 12:0 a.m.3 views

Connect IQ 安全漏洞

Connect IQ CIQ is a technology platform and ecosystem from Garmin Switzerland designed to extend and customize the functionality of its smartwatches and health trackers. Connect IQ has a security vulnerability. An attacker exploiting the vulnerability could compromise private or sensitive...

9.1CVSS8.3AI score0.00612EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/05/23 12:0 a.m.4 views

Connect IQ 安全漏洞

Connect IQ CIQ is a technology platform and ecosystem from Garmin Switzerland designed to extend and customize the functionality of its smartwatches and health trackers. Connect IQ has a security vulnerability. An attacker exploiting the vulnerability could compromise sensitive data...

7.5CVSS7.4AI score0.00804EPSS
Exploits1References3
Rows per page
Query Builder