Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
iq vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-23299
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 up to and including 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their function...
Garmin Connect-iq
NA
CVE-2023-23300
The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 up to and including 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters ...
Garmin Connect-iq
NA
CVE-2023-23301
The `news` MonkeyC operation code in CIQ API version 1.0.0 up to and including 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose len...
Garmin Connect-iq
NA
CVE-2023-23302
The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 up to and including 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafte...
Garmin Connect-iq
NA
CVE-2023-23303
The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 up to and including 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially c...
Garmin Connect-iq
NA
CVE-2023-23304
The GarminOS TVM component in CIQ API version 2.1.0 up to and including 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` mo...
Garmin Connect-iq
NA
CVE-2023-23305
The GarminOS TVM component in CIQ API version 1.0.0 up to and including 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware.
Garmin Connect-iq
NA
CVE-2023-23306
The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 up to and including 4.1.7 suffers from a type confusion vulnreability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted `Toybox.Ant.BurstPayload` ob...
Garmin Connect-iq
NA
CVE-2023-29240
An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-iq Centralized Management
NA
CVE-2023-0045
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only ...
Linux Linux Kernel
Debian Debian Linux 10.0
Netapp Active Iq Unified Manager -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »