Lucene search
+L

24 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-27405

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01274EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-27399

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00804EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-27404

Malicious code in bioql PyPI...

9.1CVSS9.1AI score0.00612EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 2:36 a.m.6 views

CVE-2023-23299

The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data...

7.5CVSS6.6AI score0.00804EPSS
Exploits1References1
NVD
NVD
added 2023/05/23 8:15 p.m.27 views

CVE-2023-23304

The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the Toybox.SensorHistory module without permission. A malicious application could call any functions from the Toybox.SensorHistory module without the user's consent a...

9.1CVSS9AI score0.00612EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/05/23 8:15 p.m.4 views

CVE-2023-23299

The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data...

7.5CVSS7.1AI score0.00804EPSS
Exploits1References3
OSV
OSV
added 2023/05/23 8:15 p.m.4 views

CVE-2023-23305

The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware...

9.8CVSS7.6AI score0.01274EPSS
Exploits1References2
NVD
NVD
added 2023/05/23 8:15 p.m.29 views

CVE-2023-23301

The news MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon...

9.8CVSS9.3AI score0.01057EPSS
Exploits1References1
NVD
NVD
added 2023/05/23 8:15 p.m.31 views

CVE-2023-23299

The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data...

7.5CVSS7.4AI score0.00804EPSS
Exploits1References2
NVD
NVD
added 2023/05/23 8:15 p.m.27 views

CVE-2023-23305

The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware...

9.8CVSS9.4AI score0.01274EPSS
Exploits1References2
Prion
Prion
added 2023/05/23 8:15 p.m.17 views

Out-of-bounds

The news MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon...

7.5CVSS9.2AI score0.01057EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/05/23 8:15 p.m.76 views

Code injection

The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data...

5CVSS7.4AI score0.00804EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/05/23 8:15 p.m.24 views

Buffer overflow

The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware...

7.5CVSS9.3AI score0.01274EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/05/23 8:15 p.m.23 views

Information disclosure

The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the Toybox.SensorHistory module without permission. A malicious application could call any functions from the Toybox.SensorHistory module without the user's consent a...

6.4CVSS8.8AI score0.00612EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/05/23 12:0 a.m.56 views

CVE-2023-23301

The CVE-2023-23301 issue affects CIQ API versions 1.0.0 through 4.1.7, where the news MonkeyC operation code fails to ensure string resources don’t extend past section boundaries. This can allow a malicious CIQ application to craft a string starting near a section end whose length overflows past ...

9.8CVSS9.2AI score0.01057EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/05/23 12:0 a.m.56 views

CVE-2023-23299

The CVE concerns GarminOS TVM’s permission system for the CIQ API. Affected component: GarminOS TVM within CIQ API versions 1.0.0–4.1.7. Root cause: the permission model can be bypassed entirely, enabling a malicious application with specially crafted code/data sections to access restricted CIQ m...

7.5CVSS7.3AI score0.00804EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/05/23 12:0 a.m.45 views

CVE-2023-23304

The CVE-2023-23304 entry concerns GarminOS CIQ/TVM (Garmin Connect IQ): CIQ API versions 2.1.0 through 4.1.7 allow a specially crafted head section to access the Toybox.SensorHistory module without user consent, enabling a malicious app to call functions in that module and potentially disclose pr...

9.1CVSS8.8AI score0.00612EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/23 12:0 a.m.10 views

CVE-2023-23304

The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the Toybox.SensorHistory module without permission. A malicious application could call any functions from the Toybox.SensorHistory module without the user's consent a...

9AI score0.00612EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/05/23 12:0 a.m.29 views

CVE-2023-23304

The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the Toybox.SensorHistory module without permission. A malicious application could call any functions from the Toybox.SensorHistory module without the user's consent a...

9.1AI score0.00612EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/05/23 12:0 a.m.34 views

CVE-2023-23299

The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data...

7.6AI score0.00804EPSS
Exploits1References2
Rows per page
Query Builder