CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9423 – Certain HP LaserJet Printers – Potential Denial of Service
https://notcve.org/view.php?id=CVE-2024-9423
02 Oct 2024 — Certain HP LaserJet printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer. The printer displays a “JPEG Unsupported” message which may not clear, potentially blocking queued print jobs. • https://support.hp.com/us-en/document/ish_11266441-11266463-16/hpsbpi03976 • CWE-241: Improper Handling of Unexpected Data Type •
CVSS: 6.4EPSS: 0%CPEs: 1133EXPL: 0CVE-2023-5113 – Certain HP Enterprise LaserJet, LaserJet Managed printers - Potential denial of service, potential Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-5113
04 Oct 2023 — Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI. Certain HP Enterprise LaserJet and HP LaserJet Managed Printers son potencialmente vulnerables a la denegación de servicio debido a la solicitud de WS-Print y posibles inyecciones de Cross Site Scripting (XSS) a través de jQuery-UI. • https://support.hp.com/us-en/document/ish_9365285-9365309-16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 38EXPL: 0CVE-2023-26301
https://notcve.org/view.php?id=CVE-2023-26301
21 Jul 2023 — Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints. • https://support.hp.com/us-en/document/ish_8746769-8746795-16/hpsbpi03855 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 76EXPL: 0CVE-2023-35178 – HP Color LaserJet Pro M479fdw slangapp PATH_INFO Stack-based Buffer Overflow Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-35178
30 Jun 2023 — Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the slangapp binary. When parsing the value of the passed PATH_INFO variable, the process does not properly validate the length of user-suppl... • https://support.hp.com/us-en/document/ish_8651729-8651769-16/hpsbpi03854 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 76EXPL: 0CVE-2023-35177 – HP Color LaserJet Pro M479fdw CFF Font Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35177
30 Jun 2023 — Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of CFF fonts. The issue results from the lack of proper validation of the length of user-supplied data prior to cop... • https://support.hp.com/us-en/document/ish_8651888-8651916-16/hpsbpi03853 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 76EXPL: 0CVE-2023-35176 – HP Color LaserJet Pro M479fdw Serial_Number Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35176
30 Jun 2023 — Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the Serial_Number element. The issue results from the lac... • https://support.hp.com/us-en/document/ish_8651671-8651697-16/hpsbpi03852 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 76EXPL: 0CVE-2023-35175 – HP Color LaserJet Pro M479fdw msws Server-Side Request Forgery Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35175
30 Jun 2023 — Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msws service. The issue results from the lack of proper val... • https://support.hp.com/us-en/document/ish_8651322-8651446-16/hpsbpi03851 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 5%CPEs: 1914EXPL: 0CVE-2023-1329
https://notcve.org/view.php?id=CVE-2023-1329
14 Jun 2023 — A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Buffer Overflow and/or Remote Code Execution when running HP Workpath solutions on potentially affected products. • https://support.hp.com/us-en/document/ish_8585737-8585769-16/hpsbpi03849 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 318EXPL: 0CVE-2023-1707
https://notcve.org/view.php?id=CVE-2023-1707
13 Jun 2023 — Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6. • https://support.hp.com/us-en/document/ish_7905330-7905358-16/hpsbpi03838 • CWE-203: Observable Discrepancy •
CVSS: 10.0EPSS: 0%CPEs: 76EXPL: 0CVE-2023-27973 – HP Color LaserJet Pro M479fdw ledm_advanced Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-27973
28 Apr 2023 — Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ExportFile handler. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-b... • https://support.hp.com/us-en/document/ish_7920137-7920161-16/hpsbpi03841 • CWE-787: Out-of-bounds Write •