CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1697 – HP Touchpoint Analytics Service – Potential Escalation of Privilege
https://notcve.org/view.php?id=CVE-2025-1697
18 Apr 2025 — A potential security vulnerability has been identified in the HP Touchpoint Analytics Service for certain HP PC products with versions prior to 4.2.2439. This vulnerability could potentially allow a local attacker to escalate privileges. HP is providing software updates to mitigate this potential vulnerability. Se ha identificado una posible vulnerabilidad de seguridad en HP Touchpoint Analytics Service para ciertos productos de PC HP con versiones anteriores a la 4.2.2439. Esta vulnerabilidad podría permit... • https://support.hp.com/us-en/document/ish_12269975-12269997-16/hpsbgn04008 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26508 – Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege
https://notcve.org/view.php?id=CVE-2025-26508
14 Feb 2025 — Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP LaserJet Pro MFP 3301fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of PostScript data. The issue results from the lack of p... • https://support.hp.com/us-en/document/ish_11953771-11953793-16/hpsbpi04007 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26507 – Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege
https://notcve.org/view.php?id=CVE-2025-26507
14 Feb 2025 — Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. This vulnerability allows local attackers to escalate privileges on affected installations of HP LaserJet Pro MFP 3301fdw printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the suidex... • https://support.hp.com/us-en/document/ish_11953771-11953793-16/hpsbpi04007 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26506 – Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege
https://notcve.org/view.php?id=CVE-2025-26506
14 Feb 2025 — Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP LaserJet Pro MFP 3301fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of PostScript data. The issue results from the lack of p... • https://support.hp.com/us-en/document/ish_11953771-11953793-16/hpsbpi04007 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0858 – Certain Poly Devices – Path Traversal Vulnerability - Arbitrary File Access by Unauthorized User
https://notcve.org/view.php?id=CVE-2025-0858
05 Feb 2025 — A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in Poly Edge E devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure. A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in certain Poly devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure. • https://support.hp.com/us-en/document/ish_11926124-11926148-16/hpsbpy03996 • CWE-35: Path Traversal: '.../ •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1003 – HP Anyware Agent for Linux – Potential Authentication Bypass
https://notcve.org/view.php?id=CVE-2025-1003
03 Feb 2025 — A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. HP is releasing a software update to mitigate this potential vulnerability. • https://support.hp.com/us-en/document/ish_11920613-11920636-16 • CWE-273: Improper Check for Dropped Privileges •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9579 – Certain Poly Video Conference Devices – Potential Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-9579
05 Nov 2024 — A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself. Se descubrió una vulnerabilidad potencial en ciertos dispositivos de videoconferencia de Poly. El fallo del firmware no desinfecta adecuadamente la entrada del usuario. • https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9419 – Certain HP Print Products–Potential Remote Code Execution and/or Elevation of Privilege with the HP Smart Universal Printing Driver
https://notcve.org/view.php?id=CVE-2024-9419
30 Oct 2024 — Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could potentially lead to Remote Code Execution and/or Elevation of Privilege on the PC. Los equipos cliente/servidor con el controlador de impresión universal inteligente de HP instalado son potencialmente vulnerables a la ejecución remota de ... • https://support.hp.com/us-en/document/ish_11505949-11505972-16 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5749 – Certain HP DesignJet products – Credential reflection
https://notcve.org/view.php?id=CVE-2024-5749
15 Oct 2024 — Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials. • https://support.hp.com/us-en/document/ish_11428772-11428805-16/hpsbpi03979 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 0%CPEs: 40EXPL: 0CVE-2024-27458 – HP Hotkey Support – Escalation of Privilege
https://notcve.org/view.php?id=CVE-2024-27458
07 Oct 2024 — A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support. • https://support.hp.com/us-en/document/ish_11342101-11342130-16/hpsbhf03977 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •