40 matches found
CVE-2019-13055
Certain Logitech Unifying devices allow attackers to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a Logitech K360 keyboard...
CVE-2019-13053
CVE-2019-13053 describes a keystroke injection vulnerability in Logitech Unifying devices. The issue allows an attacker to inject keystrokes and bypass encryption by pressing a specific “magic” key combination while listening to the RF transmission. The vulnerability is noted as a consequence of ...
CVE-2019-13053
Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a "magic" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOTE: this issue exists because of an incomplete fix for CVE-2016-10761...
CVE-2016-10761
CVE-2016-10761 affects Logitech Unifying devices prior to 2016-02-26, enabling keystroke injection and bypassing encryption (MouseJack). The NVD entry lists low to medium severity (CVSS v2 base 3.3, CVSS v3 base 6.5) with adjacent, low-complexity exploitation and no user interaction required. Pub...
CVE-2016-10761
Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack...
CVE-2019-13052
CVE-2019-13052 concerns Logitech Unifying devices where, if the pairing between a keyboard and its receiver is sniffed, an attacker could achieve live decryption of the communication. The core details across connected records identify the affected class as Logitech Unifying devices and describe a...
EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1480)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance PI futexes. ...
Partner Perspectives: Siemplify & Carbon Black Create Competitive Solution for MSSPs
Meny Har is the VP of Product for Siemplify. Advanced threats and an ever-evolving competitive landscape have created an increased demand for managed security services. Organizations of all sizes are turning to managed security services providers MSSPs to help them to effectively manage their...
nRF24 Playset - Software tools for Nordic Semiconductor nRF24-based Devices like Wireless Keyboards, Mice, and Presenters
The nRF24 Playset is a collection of software tools for wireless input devices like keyboards, mice, and presenters based on Nordic Semiconductor nRF24 transceivers, e.g. nRF24LE1 and nRF24LU1+. All software tools support USB dongles with the nrf-research-firmware by the Bastille Threat...
Radio Hack Box - Tool to Demonstrate Vulnerabilities in Wireless Input Devices
The SySS Radio Hack Box is a proof-of-concept software tool to demonstrate the replay and keystroke injection vulnerabilities of the wireless keyboard Cherry B.Unlimited AES. Requirements Raspberry Pi Raspberry Pi Radio Hack Box shield a LCD, some LEDs, and some buttons nRF24LU1+ USB radio dongle...
Logitech Unifying Receiver Key Injection (MouseJack)
The remote Windows host has used a Logitech Unifying Receiver wireless USB device with firmware version 12.01 or 12.03. It is potentially affected by a wireless key injection vulnerability that allows a physically local attacker to send keystrokes to the host. Note that Nessus cannot determine wh...
Kernel: HID: logitech-dj OOB array access
An out-of-bounds read flaw was found in the way the Logitech Unifying receiver driver handled HID reports with an invalid deviceindex value. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system...
Ubuntu: Security Advisory (USN-2394-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2395-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2395-1 advisory. Nadav Amit reported that the KVM Kernel Virtual Machine mishandles noncanonical addresses when emulating instructions that change the rip Instruction...
USN-2395-1 linux vulnerabilities
Nadav Amit reported that the KVM Kernel Virtual Machine mishandles noncanonical addresses when emulating instructions that change the rip Instruction Pointer. A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service system crash of the guest. CVE-2014-3647 A flaw...
USN-2395-1: Linux kernel vulnerabilities
Nadav Amit reported that the KVM Kernel Virtual Machine mishandles noncanonical addresses when emulating instructions that change the rip Instruction Pointer. A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service system crash of the guest. CVE-2014-3647 A flaw...
USN-2394-1: Linux kernel (Trusty HWE) vulnerabilities
Nadav Amit reported that the KVM Kernel Virtual Machine mishandles noncanonical addresses when emulating instructions that change the rip Instruction Pointer. A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service system crash of the guest. CVE-2014-3647 A flaw...
Ubuntu: Security Advisory (USN-2377-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-2377-1: Linux kernel (OMAP4) vulnerabilities
Steven Vittitoe reported multiple stack buffer overflows in Linux kernel's magicmouse HID driver. A physically proximate attacker could exploit this flaw to cause a denial of service system crash or possibly execute arbitrary code via specially crafted devices. CVE-2014-3181 A bounds check error...
Kernel: HID: logitech-dj OOB array access
An out-of-bounds read flaw was found in the way the Logitech Unifying receiver driver handled HID reports with an invalid deviceindex value. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system...