Vulmon
iq vulnerabilities and exploits
9.1
CVSSv3
CVE-2023-23304
The GarminOS TVM component in CIQ API version 2.1.0 up to and including 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` mo...
Garmin Connect-iq
9.8
CVSSv3
CVE-2023-23305
The GarminOS TVM component in CIQ API version 1.0.0 up to and including 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware.
Garmin Connect-iq
9.8
CVSSv3
CVE-2023-23306
The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 up to and including 4.1.7 suffers from a type confusion vulnerability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted `Toybox.Ant.BurstPayload` ob...
Garmin Connect-iq
7.5
CVSSv3
CVE-2022-1762
The iQ Block Country WordPress plugin prior to 1.2.20 does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to bypass its block feature by spoofing the headers.
Webence Iq Block Country
NA
CVE-2012-2986
lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for...
Hp San/iq 9.5
2 EDB exploits
9.8
CVSSv3
CVE-2022-41155
Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress.
Webence Iq Block Country
NA
CVE-2012-4362
hydra.exe in HP SAN/iQ prior to 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote malicious users to obtain access to a management service via a login: request to TCP port 13838.
Hp San/iq 9.5
2 EDB exploits
5.4
CVSSv3
CVE-2021-36873
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.
Webence Iq Block Country
NA
CVE-2014-3220
F5 BIG-IQ Cloud and Security 4.0.0 up to and including 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/.
F5 Big-iq 4.1.0.2013.0
1 EDB exploit
4.9
CVSSv3
CVE-2022-0246
The settings of the iQ Block Country WordPress plugin prior to 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the uploading process, files in the uploaded zip fil...
Webence Iq Block Country