Every CVE whose affected-product data names Garmin Connect-iq, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2023-23306 — CVSS 9.8 (critical): The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnreability, which can…
CVE-2023-23305 — CVSS 9.8 (critical): The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources…
CVE-2023-23298 — CVSS 9.8 (critical): The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which…
CVE-2023-23300 — CVSS 9.8 (critical): The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can…
CVE-2023-23301 — CVSS 9.8 (critical): The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the…
CVE-2023-23302 — CVSS 9.8 (critical): The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can…
CVE-2023-23303 — CVSS 9.8 (critical): The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which…
CVE-2023-23304 — CVSS 9.1 (critical): The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the…
CVE-2023-23299 — CVSS 7.5 (high): The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed…