CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8258 – Insecure Electron Fuses in Logitech Options Plus Allowing Arbitrary Code Execution on macOS
https://notcve.org/view.php?id=CVE-2024-8258
10 Sep 2024 — Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration. • https://www.electronjs.org/docs/latest/tutorial/fuses • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8011
https://notcve.org/view.php?id=CVE-2024-8011
25 Aug 2024 — Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Options+ runtime and abuse permissions granted by the user to Options+ such as Camera. • https://www.hackerone.com • CWE-863: Incorrect Authorization •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4031 – MEVO WEBCAM APP Windows Unquoted Service Path Vulnerability
https://notcve.org/view.php?id=CVE-2024-4031
23 Apr 2024 — Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code. Una vulnerabilidad de elemento o ruta de búsqueda sin comillas en la aplicación Logitech MEVO WEBCAM en Windows permite la ejecución local de código. • https://cwe.mitre.org/data/definitions/428.html • CWE-428: Unquoted Search Path or Element •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 1CVE-2022-36263
https://notcve.org/view.php?id=CVE-2022-36263
19 Aug 2022 — StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file. StreamLabs Desktop Application versión 1.9.0, es vulnerable a un Control de Acceso Incorrecto por medio del archivo obs64.exe. Un atacante puede ejecutar código arbitrario por medio de un archivo .exe diseñado. • https://github.com/ycdxsb/Vuln/blob/main/Streamlabs-CreateProcessW-API-Misuse-Binary-Hijack •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-0916 – Broken authentication on Logitech Options due to misvalidation of Oauth state parameter
https://notcve.org/view.php?id=CVE-2022-0916
03 May 2022 — An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. Se ha detectado un problema en Logitech Options. El parámetro de estado de OAuth 2.0 no es comprobado apropiadamente. • https://support.logi.com/hc/en-us/articles/360025297893 • CWE-287: Improper Authentication CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-0915 – Logitech Sync desktop application prior to 2.4.574 - TOCTOU during installation leads to privelege escalation
https://notcve.org/view.php?id=CVE-2022-0915
12 Apr 2022 — There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission to the system user. Se presenta una vulnerabilidad de condición de carrera de tiempo de comprobación (TOCTOU) en Logitech Sync para Windows versiones anteriores a 2.4.574. Una explotación con éxito de estas vulnerabilidades puede escalar el permiso al usuario del sistema • https://prosupport.logi.com/hc/en-us/articles/360040085114-Download-Logitech-Sync • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 1CVE-2021-38547
https://notcve.org/view.php?id=CVE-2021-38547
11 Aug 2021 — Logitech Z120 and S120 speakers through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a device's power indicator LED is correlative to the power consumption. The sound played by the speakers affects their power consumption and as a result is also correlative to the light intensity of the... • https://www.nassiben.com/glowworm-attack •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20641
https://notcve.org/view.php?id=CVE-2021-20641
12 Feb 2021 — Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en LOGITEC LAN-W300N/RS, permite a atacantes remotos secuestrar la autenticación de los administradores por medio de una URL especialmente diseñada. Como resultado, se ... • https://jvn.jp/en/jp/JVN96783542/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20642
https://notcve.org/view.php?id=CVE-2021-20642
12 Feb 2021 — Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL. Una comprobación inapropiada o el manejo de condiciones excepcionales en LOGITEC LAN-W300N/RS, permite a un atacante remoto causar una condición de denegación de servicio (DoS) al enviar una URL especialmente diseñada • https://jvn.jp/en/jp/JVN96783542/index.html •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20640
https://notcve.org/view.php?id=CVE-2021-20640
12 Feb 2021 — Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors. Una vulnerabilidad de desbordamiento del búfer en LOGITEC LAN-W300N/PGRB, permite a un atacante con privilegios administrativos ejecutar un comando arbitrario del sistema operativo por medio de vectores no especificados • https://jvn.jp/en/jp/JVN96783542/index.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •