Lucene search
K

6 matches found

NVD
NVD
added 2023/05/23 8:15 p.m.31 views

CVE-2023-23299

The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data...

7.5CVSS7.4AI score0.00804EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/05/23 8:15 p.m.3 views

CVE-2023-23299

The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data...

7.5CVSS7.1AI score0.00804EPSS
Exploits1References3
NVD
NVD
added 2023/05/23 8:15 p.m.29 views

CVE-2023-23301

The news MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon...

9.8CVSS9.3AI score0.01057EPSS
Exploits1References1
Prion
Prion
added 2023/05/23 8:15 p.m.76 views

Code injection

The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data...

5CVSS7.4AI score0.00804EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/05/23 8:15 p.m.17 views

Out-of-bounds

The news MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon...

7.5CVSS9.2AI score0.01057EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/05/23 12:0 a.m.56 views

CVE-2023-23301

The CVE-2023-23301 issue affects CIQ API versions 1.0.0 through 4.1.7, where the news MonkeyC operation code fails to ensure string resources don’t extend past section boundaries. This can allow a malicious CIQ application to craft a string starting near a section end whose length overflows past ...

9.8CVSS9.2AI score0.01057EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder