CVE-2024-8258 – Insecure Electron Fuses in Logitech Options Plus Allowing Arbitrary Code Execution on macOS
https://notcve.org/view.php?id=CVE-2024-8258
Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration. • https://www.electronjs.org/docs/latest/tutorial/fuses https://nvd.nist.gov/vuln/detail/CVE-2023-50643 https://nvd.nist.gov/vuln/detail/CVE-2023-49314 https://github.com/r3ggi/electroniz3r • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-8011
https://notcve.org/view.php?id=CVE-2024-8011
Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Options+ runtime and abuse permissions granted by the user to Options+ such as Camera. • https://www.hackerone.com • CWE-863: Incorrect Authorization •
CVE-2024-4031 – MEVO WEBCAM APP Windows Unquoted Service Path Vulnerability
https://notcve.org/view.php?id=CVE-2024-4031
Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code. Una vulnerabilidad de elemento o ruta de búsqueda sin comillas en la aplicación Logitech MEVO WEBCAM en Windows permite la ejecución local de código. • https://cwe.mitre.org/data/definitions/428.html • CWE-428: Unquoted Search Path or Element •
CVE-2022-36263
https://notcve.org/view.php?id=CVE-2022-36263
StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file. StreamLabs Desktop Application versión 1.9.0, es vulnerable a un Control de Acceso Incorrecto por medio del archivo obs64.exe. Un atacante puede ejecutar código arbitrario por medio de un archivo .exe diseñado. • https://github.com/ycdxsb/Vuln/blob/main/Streamlabs-CreateProcessW-API-Misuse-Binary-Hijack •
CVE-2022-0916 – Broken authentication on Logitech Options due to misvalidation of Oauth state parameter
https://notcve.org/view.php?id=CVE-2022-0916
An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. Se ha detectado un problema en Logitech Options. El parámetro de estado de OAuth 2.0 no es comprobado apropiadamente. • https://support.logi.com/hc/en-us/articles/360025297893 • CWE-287: Improper Authentication CWE-352: Cross-Site Request Forgery (CSRF) •