Lucene search
K

44 matches found

Vulnrichment
Vulnrichment
added 2023/05/23 12:0 a.m.11 views

CVE-2023-23301

The news MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon...

9.3AI score0.01057EPSS
Exploits1References1
CVE
CVE
added 2023/05/23 12:0 a.m.45 views

CVE-2023-23304

The CVE-2023-23304 entry concerns GarminOS CIQ/TVM (Garmin Connect IQ): CIQ API versions 2.1.0 through 4.1.7 allow a specially crafted head section to access the Toybox.SensorHistory module without user consent, enabling a malicious app to call functions in that module and potentially disclose pr...

9.1CVSS8.8AI score0.00612EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/05/23 12:0 a.m.24 views

CVE-2023-23300

The Toybox.Cryptography.Cipher.initialize API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the...

9.7AI score0.01274EPSS
Exploits2References2
CVE
CVE
added 2023/05/23 12:0 a.m.47 views

CVE-2023-23306

CVE-2023-23306 affects Garmin Connect IQ (CIQ) API: Toybox.Ant.BurstPayload.add in CIQ API versions 2.2.0 through 4.1.7 suffers a type confusion leading to an out-of-bounds write. A malicious app could craft a Toybox.Ant.BurstPayload object, call add, override arbitrary memory, and hijack firmwar...

9.8CVSS9.3AI score0.01215EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder