CVSS: 7.5EPSS: 11%CPEs: 3EXPL: 0CVE-2010-4267 – hplip: remote stack overflow vulnerability
https://notcve.org/view.php?id=CVE-2010-4267
Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value. Desbordamiento de búfer basado en pila en la función hpmud_get_pml de io/hpmud/pml.c de Hewlett-Packard Linux Imaging and Printing (HPLIP) v1.6.7, v3.9.8, v3.10.9 y puede que otras versiones, permite a atacantes remotos provocar una denegación de servicio (caída) y probablemente ejecutar código de su elección mediante una respuesta SNMP manipulada con un valor de longitud largo. • http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053472.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053474.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://osvdb.org/70498 http://secunia.com/advisories/42939 http://secunia.com/advisories/42956 http://secunia.com/advisories/43022 http://secunia.com/advisories/43068 http://secunia. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 44%CPEs: 2EXPL: 1CVE-2007-5208 – hplip - 'hpssd.py' From Address Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2007-5208
hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail. hpssd en Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x y 2.x anterior a 2.7.10 permite a atacantes remotos dependientes de contexto ejecutar comandos de su elección mediante metacaracteres de shell en una dirección from, los cuales no son manejados adecuadamente al invocar a sendmail. • https://www.exploit-db.com/exploits/16837 http://bugs.gentoo.org/show_bug.cgi?id=195565 http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html http://qa.mandriva.com/show_bug.cgi?id=30719 http://secunia.com/advisories/27202 http://secunia.com/advisories/27221 http://secunia.com/advisories/27224 http://secunia.com/advisories/27232 http://secunia.com/advisories/27271 http://secunia.com/advisories/27332 http://secunia.com/advisories/27397 http://secu • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •