CVSS: 8.8EPSS: 0%CPEs: 76EXPL: 0CVE-2023-35178 – HP Color LaserJet Pro M479fdw slangapp PATH_INFO Stack-based Buffer Overflow Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-35178
30 Jun 2023 — Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the slangapp binary. When parsing the value of the passed PATH_INFO variable, the process does not properly validate the length of user-suppl... • https://support.hp.com/us-en/document/ish_8651729-8651769-16/hpsbpi03854 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 76EXPL: 0CVE-2023-35177 – HP Color LaserJet Pro M479fdw CFF Font Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35177
30 Jun 2023 — Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of CFF fonts. The issue results from the lack of proper validation of the length of user-supplied data prior to cop... • https://support.hp.com/us-en/document/ish_8651888-8651916-16/hpsbpi03853 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 76EXPL: 0CVE-2023-35176 – HP Color LaserJet Pro M479fdw Serial_Number Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35176
30 Jun 2023 — Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the Serial_Number element. The issue results from the lac... • https://support.hp.com/us-en/document/ish_8651671-8651697-16/hpsbpi03852 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 76EXPL: 0CVE-2023-35175 – HP Color LaserJet Pro M479fdw msws Server-Side Request Forgery Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-35175
30 Jun 2023 — Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msws service. The issue results from the lack of proper val... • https://support.hp.com/us-en/document/ish_8651322-8651446-16/hpsbpi03851 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 0%CPEs: 76EXPL: 0CVE-2023-27973 – HP Color LaserJet Pro M479fdw ledm_advanced Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-27973
28 Apr 2023 — Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ExportFile handler. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-b... • https://support.hp.com/us-en/document/ish_7920137-7920161-16/hpsbpi03841 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 76EXPL: 0CVE-2023-27972 – HP Color LaserJet Pro M479fdw cacheddata_http_handler Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-27972
28 Apr 2023 — Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the cacheddata_http_handler method. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed... • https://support.hp.com/us-en/document/ish_7920078-7920104-16/hpsbpi03840 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 76EXPL: 0CVE-2023-27971 – HP Color LaserJet Pro M479fdw msws Probe Message Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-27971
28 Apr 2023 — Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Probe messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-le... • https://support.hp.com/us-en/document/ish_7919962-7920003-16/hpsbpi03839 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 5821EXPL: 0CVE-2021-3942
https://notcve.org/view.php?id=CVE-2021-3942
22 Nov 2022 — Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR. Ciertos productos HP Print y productos Digital Sending pueden ser vulnerables a una posible ejecución remota de código y desbordamiento de búfer con el uso de resolución de nombres de multidifusión local de enlace o LLMNR. • https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 138EXPL: 0CVE-2022-24293 – HP LaserJet Pro MFP M283fdw eContactRestore Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-24293
23 Mar 2022 — Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. Algunos dispositivos de impresión de HP pueden ser vulnerables a una divulgación potencial de información, una denegación de servicio o a una ejecución de código remota This vulnerability allows remote attackers to execute arbitrary code on affected installations of HP LaserJet Pro MFP M283fdw printers. Although authentication is required to exploit this vulnerability, the existing au... • https://support.hp.com/us-en/document/ish_5950417-5950443-16 •
CVSS: 7.8EPSS: 0%CPEs: 138EXPL: 0CVE-2022-24291 – HP LaserJet Pro MFP M283fdw ScanJobs Memory Corruption Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-24291
23 Mar 2022 — Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. Algunos dispositivos de impresión de HP pueden ser vulnerables a una posible divulgación de información, denegación de servicio o ejecución de código remota This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of HP LaserJet Pro MFP M283fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw ... • https://support.hp.com/us-en/document/ish_5950417-5950443-16 •