35 results (0.006 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1133EXPL: 0

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI. Certain HP Enterprise LaserJet and HP LaserJet Managed Printers son potencialmente vulnerables a la denegación de servicio debido a la solicitud de WS-Print y posibles inyecciones de Cross Site Scripting (XSS) a través de jQuery-UI. • https://support.hp.com/us-en/document/ish_9365285-9365309-16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 38EXPL: 0

Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints. • https://support.hp.com/us-en/document/ish_8746769-8746795-16/hpsbpi03855 • CWE-862: Missing Authorization •

CVSS: 8.8EPSS: 0%CPEs: 76EXPL: 0

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the slangapp binary. When parsing the value of the passed PATH_INFO variable, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://support.hp.com/us-en/document/ish_8651729-8651769-16/hpsbpi03854 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 8.8EPSS: 0%CPEs: 76EXPL: 0

Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of CFF fonts. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. • https://support.hp.com/us-en/document/ish_8651888-8651916-16/hpsbpi03853 • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 76EXPL: 0

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the Serial_Number element. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. • https://support.hp.com/us-en/document/ish_8651671-8651697-16/hpsbpi03852 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •