Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
logitech vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2018-15722
The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response.
Logitech Harmony Hub Firmware
9.8
CVSSv3
CVE-2018-15720
Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API.
Logitech Harmony Hub Firmware
9.8
CVSSv3
CVE-2018-15723
The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo).
Logitech Harmony Hub Firmware
7
CVSSv3
CVE-2022-0915
There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for Windows before 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission to the system user.
Logitech Sync
8.8
CVSSv3
CVE-2022-0916
An issue exists in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.
Logitech Options
6.5
CVSSv3
CVE-2019-13053
Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a "magic" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOTE: this issue exists because of an incomplete fix for CVE-2016-10761.
Logitech Unifying Receiver Firmware -
6 Github repositories
NA
CVE-2007-2918
Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote malicious users to cau...
Logitech Videocall
1 EDB exploit
7.3
CVSSv3
CVE-2022-36263
StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file.
Logitech Streamlabs Desktop 1.9.0
7.8
CVSSv3
CVE-2018-0620
Untrusted search path vulnerability in LOGICOOL Game Software versions prior to 8.87.116 allows an malicious user to gain privileges via a Trojan horse DLL in an unspecified directory.
Logitech Game Software
5.4
CVSSv3
CVE-2017-16567
Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote malicious users to inject arbitrary web script or HTML via a "favorite."
Logitech Media Server 7.9.0
1 EDB exploit
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »