api connect vulnerabilities and exploits
NA
CVE-2023-23302
The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 up to and including 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafte...
Garmin Connect-iq
NA
CVE-2023-23303
The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 up to and including 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially c...
Garmin Connect-iq
NA
CVE-2023-23298
The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 up to and including 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method wi...
Garmin Connect-iq
NA
CVE-2022-46081
In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from continued exposure of private personal information. NOTE: this is disputed by the vendor because the LiveTrack API service is not a customer-controlled product.
Garmin Connect 4.61
NA
CVE-2023-23306
The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 up to and including 4.1.7 suffers from a type confusion vulnerability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted `Toybox.Ant.BurstPayload` ob...
Garmin Connect-iq
NA
CVE-2023-23305
The GarminOS TVM component in CIQ API version 1.0.0 up to and including 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware.
Garmin Connect-iq
NA
CVE-2023-48711
google-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the `google-translate-api-browser` package and exposing the `translateOptions` to the end use...
Cjvnjde Google Translate Api Browser
NA
CVE-2023-23304
The GarminOS TVM component in CIQ API version 2.1.0 up to and including 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` mo...
Garmin Connect-iq
NA
CVE-2023-23299
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 up to and including 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their function...
Garmin Connect-iq
NA
CVE-2023-40682
IBM App Connect Enterprise 12.0.1.0 up to and including 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833.
Ibm App Connect Enterprise