CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26508 – Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege
https://notcve.org/view.php?id=CVE-2025-26508
14 Feb 2025 — Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP LaserJet Pro MFP 3301fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of PostScript data. The issue results from the lack of p... • https://support.hp.com/us-en/document/ish_11953771-11953793-16/hpsbpi04007 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26507 – Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege
https://notcve.org/view.php?id=CVE-2025-26507
14 Feb 2025 — Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. This vulnerability allows local attackers to escalate privileges on affected installations of HP LaserJet Pro MFP 3301fdw printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the suidex... • https://support.hp.com/us-en/document/ish_11953771-11953793-16/hpsbpi04007 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26506 – Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege
https://notcve.org/view.php?id=CVE-2025-26506
14 Feb 2025 — Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP LaserJet Pro MFP 3301fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of PostScript data. The issue results from the lack of p... • https://support.hp.com/us-en/document/ish_11953771-11953793-16/hpsbpi04007 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0858 – Certain Poly Devices – Path Traversal Vulnerability - Arbitrary File Access by Unauthorized User
https://notcve.org/view.php?id=CVE-2025-0858
05 Feb 2025 — A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in Poly Edge E devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure. A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in certain Poly devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure. • https://support.hp.com/us-en/document/ish_11926124-11926148-16/hpsbpy03996 • CWE-35: Path Traversal: '.../ •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1003 – HP Anyware Agent for Linux – Potential Authentication Bypass
https://notcve.org/view.php?id=CVE-2025-1003
03 Feb 2025 — A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. HP is releasing a software update to mitigate this potential vulnerability. • https://support.hp.com/us-en/document/ish_11920613-11920636-16 • CWE-273: Improper Check for Dropped Privileges •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9579 – Certain Poly Video Conference Devices – Potential Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-9579
05 Nov 2024 — A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself. Se descubrió una vulnerabilidad potencial en ciertos dispositivos de videoconferencia de Poly. El fallo del firmware no desinfecta adecuadamente la entrada del usuario. • https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9419 – Certain HP Print Products–Potential Remote Code Execution and/or Elevation of Privilege with the HP Smart Universal Printing Driver
https://notcve.org/view.php?id=CVE-2024-9419
30 Oct 2024 — Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could potentially lead to Remote Code Execution and/or Elevation of Privilege on the PC. Los equipos cliente/servidor con el controlador de impresión universal inteligente de HP instalado son potencialmente vulnerables a la ejecución remota de ... • https://support.hp.com/us-en/document/ish_11505949-11505972-16 • CWE-787: Out-of-bounds Write •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8733 – HP One Agent Software – Potential Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-8733
02 Oct 2024 — A potential security vulnerability has been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability. A potential security vulnerability has been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability. • https://support.hp.com/us-en/document/ish_11270215-11270239-16 • CWE-426: Untrusted Search Path •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5760
https://notcve.org/view.php?id=CVE-2024-5760
11 Sep 2024 — The Samsung Universal Print Driver for Windows is potentially vulnerable to escalation of privilege allowing the creation of a reverse shell in the tool. This is only applicable for products in the application released or manufactured before 2018. • https://support.hp.com/us-en/document/ish_11159589-11159645-16/hpsbpi03970 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7720 – HP Security Manager - Potential Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-7720
27 Aug 2024 — HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. • https://support.hp.com/us-en/document/ish_11074404-11074432-16 • CWE-94: Improper Control of Generation of Code ('Code Injection') •