CVE-2019-16285 – HP ThinPro 6.x / 7.x Information Disclosure
https://notcve.org/view.php?id=CVE-2019-16285
If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive. HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from a local physical access information disclosure vulnerability.
• http://packetstormsecurity.com/files/156895/HP-ThinPro-6.x-7.x-Information-Disclosure.html
• http://seclists.org/fulldisclosure/2020/Mar/30
• https://support.hp.com/us-en/document/c06509350
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-18909 – HP ThinPro 6.x / 7.x Citrix Command Injection
https://notcve.org/view.php?id=CVE-2019-18909
The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges. HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from a Citrix receiver connection wrapper command injection vulnerability.
• http://packetstormsecurity.com/files/156907/HP-ThinPro-6.x-7.x-Citrix-Command-Injection.html
• http://seclists.org/fulldisclosure/2020/Mar/39
• https://support.hp.com/us-en/document/c06509350
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-16287 – HP ThinPro 6.x / 7.x Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-16287
In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to execute commands with elevated privileges. HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from a local privilege escalation vulnerability.
• http://packetstormsecurity.com/files/156899/HP-ThinPro-6.x-7.x-Privilege-Escalation.html
• http://seclists.org/fulldisclosure/2020/Mar/38
• https://support.hp.com/us-en/document/c06509350
CVE-2019-18910 – HP ThinPro 6.x / 7.x Privileged Command Injection
https://notcve.org/view.php?id=CVE-2019-18910
The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges. HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from a privileged command injection vulnerability.
• http://packetstormsecurity.com/files/156909/HP-ThinPro-6.x-7.x-Privileged-Command-Injection.html
• http://seclists.org/fulldisclosure/2020/Mar/40
• https://support.hp.com/us-en/document/c06509350
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-10627
https://notcve.org/view.php?id=CVE-2019-10627
Integer overflow to buffer overflow vulnerability in PostScript image handling code used by the PostScript- and PDF-compatible interpreters due to incorrect buffer size calculation, in PostScript and PDF printers that use IPS versions prior to 2019.2.
• https://support.hp.com/us-en/document/c06458150
• https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-131: Incorrect Calculation of Buffer Size
• CWE-190: Integer Overflow or Wraparound