CVE-2023-23304

HIGH Year: 2023
CVSS v3 Score
7.7
High
Weakness Type
CWE-863
View all →

Vulnerability Description

The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` module without the user's consent and disclose potentially private or sensitive information.

Related Vulnerabilities

CVE-2016-4514

HIGH
CVSS:7.7(High)

Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy.

CWE-8632016

CVE-2020-3467

HIGH
CVSS:7.7(High)

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. ...

CWE-8632020

CVE-2021-21484

HIGH
CVSS:7.7(High)

LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind.

CWE-8632021

CVE-2023-42860

HIGH
CVSS:7.7(High)

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of t...

CWE-8632023

CVE-2024-10975

HIGH
CVSS:7.7(High)

Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. Thi...

CWE-8632024

CVE-2024-38329

HIGH
CVSS:7.7(High)

IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper valida...

CWE-8632024