VYPR
Vendor: Logitech

Products: 24
CVEs: 27
Across products: 34
Status: Private

Recent CVEs

  • CVE-2018-0620 | High | Jul 26, 2018
    risk 0.51 | cvss 7.8 | epss 0.01

    Untrusted search path vulnerability in LOGICOOL Game Software versions before 8.87.116 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2026-43049 | High | May 1, 2026
    risk 0.44 | cvss 7.8 | epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure. Presently, if the force feedback initialisation fails when probing the Logitech G920 Driving Force Racing Wheel for Xbox…

  • CVE-2017-15687 | Medium | Oct 23, 2017
    risk 0.43 | cvss 6.1 | epss 0.01

    DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI.

  • CVE-2016-6257 | Medium | Aug 2, 2016
    risk 0.42 | cvss 6.5 | epss 0.01

    The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input…

  • CVE-2017-16568 | Medium | Nov 10, 2017
    risk 0.38 | cvss 5.4 | epss 0.02

    Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. This vulnerability allows attackers to inject malicious JavaScript payloads, which become permanently stored on the server and execute when a user plays the…

  • CVE-2017-16567 | Medium | Nov 10, 2017
    risk 0.38 | cvss 5.4 | epss 0.02

    Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. This vulnerability allows remote attackers to inject and permanently store malicious JavaScript payloads, which are executed when users access the affected…

  • CVE-2024-4031 | Medium | Apr 23, 2024
    risk 0.29 | cvss 4.4 | epss 0.00

    Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM APP on Windows allows Local Execution of Code.

  • CVE-2007-2918 | Jun 1, 2007
    risk 0.06 | cvss (none) | epss 0.34

    Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a…

  • CVE-2018-15723 | Dec 20, 2018
    risk 0.01 | cvss (none) | epss 0.04

    The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo).

  • CVE-2008-0956 | Jun 12, 2008
    risk 0.01 | cvss (none) | epss 0.08

    Multiple stack-based buffer overflows in the BackWeb Lite Install Runner ActiveX control in the BackWeb Web Package ActiveX object in LiteInstActivator.dll in BackWeb before 8.1.1.87, as used in Logitech Desktop Manager (LDM) before 2.56, allow remote attackers to execute…

  • CVE-2024-8258 | Sep 10, 2024
    risk 0.00 | cvss (none) | epss 0.00

    Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration.

  • CVE-2024-8011 | Aug 25, 2024
    risk 0.00 | cvss (none) | epss 0.00

    Logitech Options+ on macOS prior to 1.72 allows a local attacker to inject a dynamic library within the Options+ runtime and abuse permissions granted by the user to Options+, such as Camera.

  • CVE-2024-2537 | Mar 15, 2024
    risk 0.00 | cvss (none) | epss 0.00

    Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on macOS allows Local Code Inclusion.

  • CVE-2022-0916 | May 3, 2022
    risk 0.00 | cvss (none) | epss 0.00

    An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.

  • CVE-2021-38547 | Aug 11, 2021
    risk 0.00 | cvss (none) | epss 0.01

    Logitech Z120 and S120 speakers through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line,…

  • CVE-2019-13055 | Jun 29, 2019
    risk 0.00 | cvss (none) | epss 0.01

    Certain Logitech Unifying devices allow attackers to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a Logitech K360 keyboard.

  • CVE-2019-13054 | Jun 29, 2019
    risk 0.00 | cvss (none) | epss 0.01

    The Logitech R500 presentation clicker allows attackers to determine the AES key, leading to keystroke injection. On Windows, any text may be injected by using ALT+NUMPAD input to bypass the restriction on the characters A through Z.

  • CVE-2019-13053 | Jun 29, 2019
    risk 0.00 | cvss (none) | epss 0.01

    Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a "magic" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOTE: this issue exists because of an incomplete fix for CVE-2016-10761.

  • CVE-2016-10761 | Jun 29, 2019
    risk 0.00 | cvss (none) | epss 0.01

    Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack.

  • CVE-2019-13052 | Jun 29, 2019
    risk 0.00 | cvss (none) | epss 0.01

    Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed.