
CVSS: 6.5 | EPSS: 0% | CPEs: 15 | EXPL: 0

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."

• http://www.securityfocus.com/bid/92179
• https://github.com/BastilleResearch/keyjack/blob/master/doc/advisories/bastille-13.lenovo-ultraslim.public.txt
• https://support.lenovo.com/product_security/len_7267
• https://www.bastille.net/research/vulnerabilities/keyjack
• CWE-310: Cryptographic Issues

CVSS: 10.0 | EPSS: 1% | CPEs: 4 | EXPL: 0

Logitec LAN-W300N/R routers with firmware before 2.27 do not properly restrict login access, which allows remote attackers to obtain administrative privileges and modify settings via vectors related to PPPoE authentication.

• http://jvn.jp/en/jp/JVN85934986/index.html
• http://jvndb.jvn.jp/jvndb/JVNDB-2012-000051
• http://secunia.com/advisories/49289
• http://www.logitec.co.jp/info/2012/0516.html
• http://www.securityfocus.com/bid/53685
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 9.3 | EPSS: 40% | CPEs: 2 | EXPL: 0

Multiple stack-based buffer overflows in the BackWeb Lite Install Runner ActiveX control in the BackWeb Web Package ActiveX object in LiteInstActivator.dll in BackWeb before 8.1.1.87, as used in Logitech Desktop Manager (LDM) before 2.56, allow remote attackers to execute arbitrary code via unspecified vectors.

• http://backweb.com/news_events/press_releases/051608.php
• http://marc.info/?l=bugtraq&m=121380194923597&w=2
• http://secunia.com/advisories/30598
• http://secunia.com/advisories/30625
• http://www.kb.cert.org/vuls/id/216153
• http://www.securityfocus.com/bid/29558
• http://www.us-cert.gov/cas/techalerts/TA08-162B.html
• http://www.vupen.com/english/advisories/2008/1791
• http://www.vupen.com/english/advisories/2008/1792
• https://docs.microsoft.com/en-us/security-updates/securi
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.8 | EPSS: 92% | CPEs: 1 | EXPL: 1

Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors.

• https://www.exploit-db.com/exploits/16511
• http://osvdb.org/36820
• http://osvdb.org/36821
• http://osvdb.org/36822
• http://osvdb.org/36823
• http://osvdb.org/36824
• http://secunia.com/advisories/25514
• http://www.kb.cert.org/vuls/id/330289
• http://www.securityfocus.com/bid/24254
• http://www.vupen.com/english/advisories/2007/2018
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34658

CVSS: 4.6 | EPSS: 0% | CPEs: 3 | EXPL: 0

Logitech iTouch keyboards allow attackers with physical access to the system to bypass the screen locking function and execute user-defined commands that have been assigned to a button.

• http://online.securityfocus.com/archive/1/270702
• http://www.securityfocus.com/bid/4662
• https://exchange.xforce.ibmcloud.com/vulnerabilities/8994