Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
iq vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-23235
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions before 9.10P1 are susceptible to a vulnerability which could allow an malicious user to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data tha...
Netapp Active Iq Unified Manager 9.10
Netapp Active Iq Unified Manager
890
VMScore
CVE-2020-5868
In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface.
F5 Big-iq Centralized Management
F5 Big-iq Centralized Management 7.0.0
NA
CVE-2023-23298
The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 up to and including 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method wi...
Garmin Connect-iq
NA
CVE-2023-23299
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 up to and including 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their function...
Garmin Connect-iq
NA
CVE-2023-23300
The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 up to and including 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters ...
Garmin Connect-iq
NA
CVE-2023-23301
The `news` MonkeyC operation code in CIQ API version 1.0.0 up to and including 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose len...
Garmin Connect-iq
NA
CVE-2023-23302
The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 up to and including 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafte...
Garmin Connect-iq
NA
CVE-2023-23303
The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 up to and including 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially c...
Garmin Connect-iq
NA
CVE-2023-23304
The GarminOS TVM component in CIQ API version 2.1.0 up to and including 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` mo...
Garmin Connect-iq
NA
CVE-2023-23305
The GarminOS TVM component in CIQ API version 1.0.0 up to and including 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware.
Garmin Connect-iq
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »