anvilsecure

9 exploits Active since May 2023
CVE-2023-50914 WRITEUP MEDIUM WRITEUP
GOG Galaxy (Beta) 2.0.67.2-2.0.71.2 - Privilege Escalation
A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy (Beta) 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction parameters sent from GalaxyClient.exe to GalaxyClientService.exe.
CVSS 6.7
CVE-2023-50915 WRITEUP MEDIUM WRITEUP
GOG Galaxy (Beta) <2.0.71.2 - Privilege Escalation
An issue exists in GalaxyClientService.exe in GOG Galaxy (Beta) 2.0.67.2 through 2.0.71.2 that could allow authenticated users to overwrite and corrupt critical system files via a combination of an NTFS Junction and an RPC Object Manager symbolic link and could result in a denial of service.
CVSS 6.5
CVE-2023-23298 WRITEUP CRITICAL WRITEUP
Garmin Connect IQ 2.3.0-4.1.7 - Integer Overflow in BufferedBitmap.initialize
The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware.
CVSS 9.8
CVE-2023-23299 WRITEUP HIGH WRITEUP
Garmin Connect IQ 1.0.0-4.1.7 - Incorrect Authorization via TVM Permission Bypass
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others.
CVSS 7.5
CVE-2023-23300 WRITEUP CRITICAL WRITEUP
Garmin Connect IQ 3.0.0-4.1.7 - Buffer Overflow in Toybox.Cryptography.Cipher.initialize
The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware.
CVSS 9.8
CVE-2023-23303 WRITEUP CRITICAL WORKING POC
Garmin Connect IQ 3.2.0-4.1.7 - Buffer Overflow in Toybox.Ant.GenericChannel.enableEncryption
The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device's firmware.
CVSS 9.8
CVE-2023-23304 WRITEUP CRITICAL WRITEUP
Garmin Connect IQ 2.1.0-4.1.7 - Incorrect Authorization in Toybox.SensorHistory Module
The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` module without the user's consent and disclose potentially private or sensitive information.
CVSS 9.1
CVE-2023-23305 WRITEUP CRITICAL WRITEUP
Garmin ConnectIQ 1.0.0-4.1.7 - Buffer Overflow in GarminOS TVM Component
The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware.
CVSS 9.8
CVE-2023-23306 WRITEUP CRITICAL WRITEUP
Garmin Connect IQ 2.2.0-4.1.7 - Out-of-Bounds Write via Toybox.Ant.BurstPayload.add
The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnreability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted `Toybox.Ant.BurstPayload` object, call its `add` method, override arbitrary memory and hijack the execution of the device's firmware.
CVSS 9.8