384 matches found
g810-led Security Vulnerability
g810-led is a Linux boot controller for the Logitech G213, G410, G413, G512, G513, G610, G810, G815, G910, and GPRO keyboards from MatMoul Personal Developers. A security vulnerability exists in g810-led version 0.4.2, which stems from its udev rules making supported device nodes globally readabl...
CVE-2022-46338
g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data...
CVE-2022-46338
CVE-2022-46338 affects the Linux tool g810-led (version 0.4.2) for Logitech Gx10 keyboards. The issue stems from a udev rule that makes device nodes world-readable and writable, enabling any local process to read traffic from connected keyboards (potentially exposing sensitive data). Publicly doc...
PT-2022-27827 · G810-Led · G810-Led
Name of the Vulnerable Software and Affected Versions: g810-led version 0.4.2 Description: The issue allows any process on the system to read traffic from keyboards, including sensitive data, due to a udev rule that makes supported device nodes world-readable and writable. This affects a LED...
CVE-2022-0916
An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations...
CVE-2022-0916
An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations...
Cross-site request forgery (CSRF)
An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations...
CVE-2022-0916
CVE-2022-0916 affects Logitech Options. The issue is that the OAuth 2.0 state parameter was not properly validated, enabling potential CSRF during authentication/authorization. Documents show vulnerability details and CVSS metrics but do not provide a concrete patch/version or remediation guidanc...
CVE-2022-0916 Broken authentication on Logitech Options due to misvalidation of OAuth state parameter
An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations...
Logitech Options Cross-Site Request Forgery Vulnerability
Logitech Options is a powerful and easy-to-use application from Logitech that enhances your Logitech mouse, keyboard, and touchpad. Logitech Options suffers from a cross-site request forgery vulnerability that stems from a failure to properly validate the state parameter of OAuth 2.0. An attacke...
CVE-2022-0915
There is a Time-of-check Time-of-use TOCTOU Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission to the system user...
CVE-2022-0915
There is a Time-of-check Time-of-use TOCTOU Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission to the system user...
Race condition
There is a Time-of-check Time-of-use TOCTOU Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission to the system user...
CVE-2022-0915 Logitech Sync desktop application prior to 2.4.574 - TOCTOU during installation leads to privilege escalation
There is a Time-of-check Time-of-use TOCTOU Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission to the system user...
CVE-2022-0915
CVE-2022-0915 concerns the Logitech Sync desktop application for Windows prior to 2.4.574. The issue is a TOCTOU race condition during installation that may allow an attacker to escalate privileges to the system user. Affected product: Logitech Sync on Windows (pre-2.4.574). Root cause: race cond...
Logitech Sync for Windows Security Vulnerability
Logitech Sync for Windows is a crossover application from Logitech Switzerland. A security vulnerability exists in Logitech Sync for Windows versions prior to 2.4.574, which could be exploited by an attacker to elevate privileges...
CVE-2022-0915
There is a Time-of-check Time-of-use TOCTOU Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission to the system user...
CVE-2022-0916
An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations...
Logitech Media Server 8.2.0 Cross Site Scripting
Exploit Title: Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting XSS Shodan Dork: Search Logitech Media Server Date: 12.10.2021 Exploit Author: Mert Das Vendor Homepage: www.logitech.com Version: 8.2.0 Tested on: Windows 10, Linux POC: 1. Go to Settings / Interface tab 2. Add payload to...
Logitech Media Server 8.2.0 - (Title) Cross-Site Scripting Vulnerability
Exploit Title: Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting XSS Shodan Dork: Search Logitech Media Server Exploit Author: Mert Das Vendor Homepage: www.logitech.com Version: 8.2.0 Tested on: Windows 10, Linux POC: 1. Go to Settings / Interface tab 2. Add payload to Title section 3...