
CVSS: 9.9 | EPSS: 0% | CPEs: 2 | EXPL: 1

Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the offset provided for the stack value duplication instruction, DUP. The offset is unchecked and memory prior to the start of the execution stack can be read and treated as a TVM object.
• https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0007.md
• CWE-129: Improper Validation of Array Index

CVSS: 9.9 | EPSS: 0% | CPEs: 2 | EXPL: 1

Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check for overflow when allocating the array for the NEWA instruction. This is a constrained read/write primitive across the entire MAX32630 address space.
• https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0004.md
• CWE-190: Integer Overflow or Wraparound

CVSS: 9.9 | EPSS: 0% | CPEs: 2 | EXPL: 1

Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check the index provided when accessing the local variable in the LGETV and LPUTV instructions. This provides the ability to both read and write memory outside the bounds of the TVM context allocation.
• https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0005.md
• CWE-129: Improper Validation of Array Index

CVSS: 9.9 | EPSS: 0% | CPEs: 2 | EXPL: 1

Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the string length provided in the data section of the PRG file. It allocates memory for the string immediately, and then copies the string into the TVM object by using a function similar to strcpy.
• https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0006.md
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 9.3 | EPSS: 1% | CPEs: 1 | EXPL: 0

The domain-locking implementation in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control in npGarmin.dll in the Garmin Communicator Plug-In 2.6.4.0 does not properly enforce the restrictions that (1) download and (2) upload requests come from a web site specified by the user, which allows remote attackers to obtain sensitive information or reconfigure Garmin GPS devices via unspecified vectors related to a "synchronisation error."
• http://osvdb.org/54258
• http://secunia.com/advisories/34326
• http://secunia.com/secunia_research/2009-16
• http://securitytracker.com/id?1022173
• http://www.securityfocus.com/archive/1/503319/100/0/threaded
• http://www.securityfocus.com/bid/34858
• https://exchange.xforce.ibmcloud.com/vulnerabilities/50360
• CWE-264: Permissions, Privileges, and Access Controls