24 matches found
CVE-2023-23305
The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware...
CVE-2023-23304
The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the Toybox.SensorHistory module without permission. A malicious application could call any functions from the Toybox.SensorHistory module without the user's consent a...
CVE-2023-23304
The CVE-2023-23304 entry concerns GarminOS CIQ/TVM (Garmin Connect IQ): CIQ API versions 2.1.0 through 4.1.7 allow a specially crafted head section to access the Toybox.SensorHistory module without user consent, enabling a malicious app to call functions in that module and potentially disclose pr...
CVE-2023-23304
The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the Toybox.SensorHistory module without permission. A malicious application could call any functions from the Toybox.SensorHistory module without the user's consent a...