Lucene search
K

58 matches found

Prion
Prion
added 2023/05/23 8:15 p.m.19 views

Type confusion

The Toybox.Ant.BurstPayload.add API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnreability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted Toybox.Ant.BurstPayload object, call its add method, overri...

7.5CVSS9.4AI score0.01215EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/05/23 8:15 p.m.23 views

Information disclosure

The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the Toybox.SensorHistory module without permission. A malicious application could call any functions from the Toybox.SensorHistory module without the user's consent a...

6.4CVSS8.8AI score0.00612EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/23 12:0 a.m.7 views

CVE-2023-23300

The Toybox.Cryptography.Cipher.initialize API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the...

9.5AI score0.01274EPSS
Exploits2References2
CVE
CVE
added 2023/05/23 12:0 a.m.40 views

CVE-2023-23300

The CVE concerns Garmin Connect IQ (CIQ): Toybox.Cryptography.Cipher.initialize in CIQ API versions 3.0.0–4.1.7 does not validate parameters, enabling buffer overflows when copying data. This could let a malicious app hijack firmware execution (high risk, per CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H...

9.8CVSS9.4AI score0.01274EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/23 12:0 a.m.14 views

CVE-2023-23306

The Toybox.Ant.BurstPayload.add API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnreability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted Toybox.Ant.BurstPayload object, call its add method, overri...

9.5AI score0.01215EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/05/23 12:0 a.m.5 views

PT-2023-18899 · Garmin · Ciq Api +1

Name of the Vulnerable Software and Affected Versions: GarminOS TVM component in CIQ API versions 2.1.0 through 4.1.7 Description: The issue allows applications with a specially crafted head section to use the Toybox.SensorHistory module without permission. A malicious application could call any...

9.1CVSS6.8AI score0.00612EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/05/23 12:0 a.m.8 views

CVE-2023-23298

The Toybox.Graphics.BufferedBitmap.initialize API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters...

7.2AI score0.01456EPSS
Exploits1References3
CVE
CVE
added 2023/05/23 12:0 a.m.49 views

CVE-2023-23302

Summary of CVE-2023-23302 (Ciq API): The vulnerability affects CIQ API versions 1.2.0 through 4.1.7, specifically the Toybox.GenericChannel.setDeviceConfig method. The issue is that the API does not validate its parameter, which can cause buffer overflows when copying various attributes. This can...

9.8CVSS9.4AI score0.01274EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/05/23 12:0 a.m.47 views

CVE-2023-23306

CVE-2023-23306 affects Garmin Connect IQ (CIQ) API: Toybox.Ant.BurstPayload.add in CIQ API versions 2.2.0 through 4.1.7 suffers a type confusion leading to an out-of-bounds write. A malicious app could craft a Toybox.Ant.BurstPayload object, call add, override arbitrary memory, and hijack firmwar...

9.8CVSS9.3AI score0.01215EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/05/23 12:0 a.m.46 views

CVE-2023-23303

The CVE-2023-23303 vulnerability affects Garmin Connect IQ CIQ API (Toybox.Ant.GenericChannel.enableEncryption) across versions 3.2.0–4.1.7. The issue arises because the API does not validate its parameter, enabling buffer overflows when copying various attributes. A malicious application could c...

9.8CVSS9.4AI score0.00792EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/07/14 8:15 p.m.3 views

CVE-2022-32298

Toybox v0.8.7 was discovered to contain a NULL pointer dereference via the component httpd.c. This vulnerability can lead to a Denial of Service DoS via unspecified vectors...

7.5CVSS5.4AI score0.01017EPSS
Exploits1References2
NVD
NVD
added 2022/07/14 8:15 p.m.19 views

CVE-2022-32298

Toybox v0.8.7 was discovered to contain a NULL pointer dereference via the component httpd.c. This vulnerability can lead to a Denial of Service DoS via unspecified vectors...

7.5CVSS0.01017EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2022/07/14 8:15 p.m.36 views

CVE-2022-32298

Toybox v0.8.7 was discovered to contain a NULL pointer dereference via the component httpd.c. This vulnerability can lead to a Denial of Service DoS via unspecified vectors...

7.5CVSS7.1AI score0.01017EPSS
Exploits1References2
Prion
Prion
added 2022/07/14 8:15 p.m.18 views

Null pointer dereference

Toybox v0.8.7 was discovered to contain a NULL pointer dereference via the component httpd.c. This vulnerability can lead to a Denial of Service DoS via unspecified vectors...

5CVSS7.4AI score0.01017EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/07/14 7:12 p.m.84 views

CVE-2022-32298

CVE-2022-32298 concerns Toybox v0.8.7, with a vulnerability in the component httpd.c causing a NULL pointer dereference . The effect is a potential Denial of Service (DoS) , described as achievable via unspecified vectors. The connected documents consistently identify the vulnerable artifact as T...

7.5CVSS7.3AI score0.01017EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2022/07/14 7:12 p.m.52 views

CVE-2022-32298

Toybox v0.8.7 was discovered to contain a NULL pointer dereference via the component httpd.c. This vulnerability can lead to a Denial of Service DoS via unspecified vectors...

7.5CVSS7.3AI score0.01017EPSS
Exploits1
OSV
OSV
added 2022/07/14 7:12 p.m.15 views

CVE-2022-32298

Toybox v0.8.7 was discovered to contain a NULL pointer dereference via the component httpd.c. This vulnerability can lead to a Denial of Service DoS via unspecified vectors...

7.5CVSS7.2AI score0.01017EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/07/14 12:0 a.m.3 views

Toybox 代码问题漏洞

Toybox is an all-in-one Linux command line from Rob Landley, an individual developer in the United States. A security vulnerability exists in Toybox version v0.8.7, which stems from the inclusion of a null pointer dereference in httpd.c, and can be exploited by an attacker to cause a denial of...

7.5CVSS7.2AI score0.01017EPSS
Exploits1References2
Rows per page
Query Builder