VYPR

Application

by Printerlogic

CVEs (23)

  • CVE-2025-34223CriSep 29, 2025
    risk 0.64cvss 9.8epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) contain a default admin account and an installation‑time endpoint at `/admin/query/update_database.php` that can be…

  • CVE-2025-34221CriSep 29, 2025
    risk 0.64cvss 9.8epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 25.2.1518 (VA/SaaS deployments) expose every internal Docker container to the network because firewall rules allow unrestricted traffic to the Docker bridge…

  • CVE-2025-34212CriSep 29, 2025
    risk 0.64cvss 9.8epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 (VA/SaaS deployments) possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the VirtualBox Extension Pack over plain…

  • CVE-2025-34207CriSep 29, 2025
    risk 0.64cvss 9.8epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 (VA and SaaS deployments) configure the SSH client within Docker instances with the following options: `UserKnownHostsFile=/dev/null`, `StrictHostKeyChecking=no`,…

  • CVE-2025-34205CriSep 19, 2025
    risk 0.64cvss 9.8epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (VA and SaaS deployments) contains dangerous PHP dead code present in multiple Docker-hosted PHP instances. A script named /var/www/app/resetroot.php (found…

  • CVE-2025-34198CriSep 19, 2025
    risk 0.64cvss 9.8epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951 and Application prior to 20.0.2368 (VA and SaaS deployments) contain shared, hardcoded SSH host private keys in the appliance image. The same private host keys (RSA, ECDSA, and ED25519) are…

  • CVE-2025-34193CriSep 19, 2025
    risk 0.64cvss 9.8epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 include Windows client components (PrinterInstallerClientInterface.exe, PrinterInstallerClient.exe, PrinterInstallerClientLauncher.exe) that lack…

  • CVE-2025-34192CriSep 19, 2025
    risk 0.64cvss 9.8epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL 1.0.2h-fips (released May 2016), which has been end-of-life since 2019 and is no longer…

  • CVE-2025-27672CriMar 5, 2025
    risk 0.64cvss 9.8epss 0.01

    Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows OAUTH Security Bypass OVE-20230524-0016.

  • CVE-2025-34224CriSep 29, 2025
    risk 0.59cvss 9.1epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose a set of PHP scripts under the `console_release` directory without requiring authentication. An unauthenticated…

  • CVE-2025-34222CriSep 29, 2025
    risk 0.59cvss 9.1epss 0.00

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose four admin routes – /admin/hp/cert_upload, /admin/hp/cert_delete, /admin/certs/ca, and…

  • CVE-2025-34231HigSep 29, 2025
    risk 0.56cvss 8.6epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind and non-blind server-side request forgery (SSRF) vulnerability. The '/var/www/app/console_release/hp/badgeSetup…

  • CVE-2025-34228HigSep 29, 2025
    risk 0.56cvss 8.6epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The `/var/www/app/console_release/lexmark/update.php` script is…

  • CVE-2025-34225HigSep 29, 2025
    risk 0.56cvss 8.6epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The `console_release` directory is reachable from the internet…

  • CVE-2025-34191HigSep 19, 2025
    risk 0.55cvss 8.4epss 0.00

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (macOS/Linux client deployments) contain an arbitrary file write vulnerability via the response file handling. When tasks produce output the service writes…

  • CVE-2025-34199HigSep 19, 2025
    risk 0.53cvss 8.1epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049 and Application versions prior to 20.0.2786 (VA and SaaS deployments) contain insecure defaults and code patterns that disable TLS/SSL certificate verification for communications to printers…

  • CVE-2025-34235HigSep 29, 2025
    risk 0.51cvss 7.8epss 0.00

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (Windows client deployments) contain a registry key that can be enabled by administrators, causing the client to skip SSL/TLS certificate validation.…

  • CVE-2025-34197HigSep 19, 2025
    risk 0.51cvss 7.8epss 0.00

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 (VA and SaaS deployments) contain an undocumented local user account named ubuntu with a preset password and a sudoers entry granting that account passwordless…

  • CVE-2025-34189HigSep 19, 2025
    risk 0.51cvss 7.8epss 0.00

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local inter-process communication (IPC) mechanism. The software stores IPC request…

  • CVE-2025-34188HigSep 19, 2025
    risk 0.51cvss 7.8epss 0.00

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local logging mechanism. Authentication session tokens, including PHPSESSID, XSRF-TOKEN, and…

Page 1 of 2