CVSS: 7.5EPSS: 11%CPEs: 3EXPL: 0CVE-2010-4267 – hplip: remote stack overflow vulnerability
https://notcve.org/view.php?id=CVE-2010-4267
Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value. Desbordamiento de búfer basado en pila en la función hpmud_get_pml de io/hpmud/pml.c de Hewlett-Packard Linux Imaging and Printing (HPLIP) v1.6.7, v3.9.8, v3.10.9 y puede que otras versiones, permite a atacantes remotos provocar una denegación de servicio (caída) y probablemente ejecutar código de su elección mediante una respuesta SNMP manipulada con un valor de longitud largo. • http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053472.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053474.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://osvdb.org/70498 http://secunia.com/advisories/42939 http://secunia.com/advisories/42956 http://secunia.com/advisories/43022 http://secunia.com/advisories/43068 http://secunia. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2941 – hplip hpssd.py Denial-Of-Service parsing vulnerability
https://notcve.org/view.php?id=CVE-2008-2941
The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending "msg=0" to TCP port 2207. El analizador de mensajes hpssd en hpssd.py HP Linux Imaging and Printing (HPLIP) 1.6.7 permite a los usuarios locales provocar una denegación de servicio (con parada de proceso) a través de un paquete modificado, como se ha demostrado mediante el envío de "msg = 0" al puerto TCP 2207. • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html http://secunia.com/advisories/31470 http://secunia.com/advisories/31499 http://secunia.com/advisories/32316 http://secunia.com/advisories/32792 http://securitytracker.com/id?1020683 http://www.mandriva.com/security/advisories?name=MDVSA-2008:169 http://www.redhat.com/support/errata/RHSA-2008-0818.html http://www.securityfocus.com/bid/30683 http://www.ubuntu.com/usn/USN-674-1 http://www.ubuntu.com&#x • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2940 – hpssd of hplip allows unprivileged user to trigger alert mail
https://notcve.org/view.php?id=CVE-2008-2940
The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message. La implementación del envío de alertas por correo del HP Linux Imaging and Printing (HPLIP)1.6.7 permite a usuarios locales obtener privilegios y enviar mensajes de correo electrónico desde la cuenta de root a través de vectores relacionados con el mensaje "setalerts", y una falta de validación del URI del dispositivo asociado con mensaje de evento. • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html http://secunia.com/advisories/31470 http://secunia.com/advisories/31499 http://secunia.com/advisories/32316 http://secunia.com/advisories/32792 http://securitytracker.com/id?1020684 http://www.mandriva.com/security/advisories?name=MDVSA-2008:169 http://www.redhat.com/support/errata/RHSA-2008-0818.html http://www.securityfocus.com/bid/30683 http://www.ubuntu.com/usn/USN-674-1 http://www.ubuntu.com&#x • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.6EPSS: 44%CPEs: 2EXPL: 1CVE-2007-5208 – hplip - 'hpssd.py' From Address Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2007-5208
hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail. hpssd en Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x y 2.x anterior a 2.7.10 permite a atacantes remotos dependientes de contexto ejecutar comandos de su elección mediante metacaracteres de shell en una dirección from, los cuales no son manejados adecuadamente al invocar a sendmail. • https://www.exploit-db.com/exploits/16837 http://bugs.gentoo.org/show_bug.cgi?id=195565 http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html http://qa.mandriva.com/show_bug.cgi?id=30719 http://secunia.com/advisories/27202 http://secunia.com/advisories/27221 http://secunia.com/advisories/27224 http://secunia.com/advisories/27232 http://secunia.com/advisories/27271 http://secunia.com/advisories/27332 http://secunia.com/advisories/27397 http://secu • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •