54 matches found
Malicious Package
Overview: @captivateiq/handsontable-ciq is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
EUVD-2023-27399
Malicious code in bioql PyPI...
EUVD-2023-27401
Malicious code in bioql PyPI...
EUVD-2023-27402
Malicious code in bioql PyPI...
EUVD-2023-27400
Malicious code in bioql PyPI...
EUVD-2023-27404
Malicious code in bioql PyPI...
EUVD-2023-27405
Malicious code in bioql PyPI...
MAL-2025-10914 Malicious code in @zalastax/nolb-ciq (npm)
The package @zalastax/nolb-ciq was found to contain malicious code...
CVE-2023-23300
The Toybox.Cryptography.Cipher.initialize API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the...
CVE-2023-23299
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data...
MAL-2024-10311 Malicious code in @captivateiq/handsontable-ciq (npm)
Source: ossf-package-analysis (ff5087a0a343a66ce310683b4fd7d9e169476f92ada3408d8dcc63fa1da6645a). The OpenSSF Package Analysis project identified '@captivateiq/handsontable-ciq' @ 152.1.5 (npm) as malicious. It is considered malicious because: ...
CVE-2023-23301
The news MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon...
CVE-2023-23298
The Toybox.Graphics.BufferedBitmap.initialize API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters...
CVE-2023-23303
The Toybox.Ant.GenericChannel.enableEncryption API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the...
CVE-2023-23305
The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware...
CVE-2023-23304
The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the Toybox.SensorHistory module without permission. A malicious application could call any functions from the Toybox.SensorHistory module without the user's consent a...