The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious appl ...
May 24, 2023
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and da ...
May 24, 2023
The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could ...
May 24, 2023
The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A m ...
May 24, 2023
The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes ...
May 24, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection. This issue affects ...
May 24, 2023
AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information.
May 24, 2023
The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability. During a failed login attempt a difference in messages could allow an attacker to determine if t ...
May 24, 2023