CVSS: 7.8EPSS: 1%CPEs: 382EXPL: 2CVE-2021-3438
https://notcve.org/view.php?id=CVE-2021-3438
20 May 2021 — A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege. Un posible desbordamiento del búfer en los controladores de software para determinados productos HP LaserJet e impresoras de productos Samsung podría desencadenar una escalada de privilegios • https://github.com/CrackerCat/CVE-2021-3438 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 164EXPL: 1CVE-2009-0940
https://notcve.org/view.php?id=CVE-2009-0940
18 Mar 2009 — Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 1%CPEs: 164EXPL: 0CVE-2009-0941
https://notcve.org/view.php?id=CVE-2009-0941
18 Mar 2009 — The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders has no management password by default, which makes it easier for remote attackers to obtain access. El HP Embedded Web Server (EWS) en HP LaserJet Printers, Edgeline Printers, y Digital Senders no tiene contraseña de administración por defecto, lo que facilita a atacantes remotos el obtener acceso. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 2CVE-2007-0161 – HP (Multiple Products) - PML Driver HPZ12 Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-0161
10 Jan 2007 — The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023. El controlador PML HPZ12 (HPZipm12.exe) en los controladores todo en uno de HP, usado en múltiples productos HP, utiliza permisos no seguros SERVICE_CHANGE_CONFIG DACL, lo cual permite a un usuario ... • https://www.exploit-db.com/exploits/29403 •