Hplip
by Microfocus
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-0839 | Hig | 0.53 | 8.1 | 0.06 | Aug 2, 2017 | The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads. | ||
| CVE-2020-6923 | Med | 0.37 | 5.7 | 0.00 | Dec 19, 2024 | The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow. | ||
| CVE-2011-2697 | 0.01 | — | 0.11 | Jul 29, 2011 | foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file. | |||
| CVE-2013-6427 | 0.00 | — | 0.04 | Dec 9, 2013 | upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream. | |||
| CVE-2013-4325 | 0.00 | — | 0.00 | Sep 23, 2013 | The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess… | |||
| CVE-2009-0122 | 0.00 | — | 0.01 | Jan 15, 2009 | hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8.2 on Ubuntu allows local users to change the ownership of arbitrary files via unspecified manipulations in advance of an HPLIP installation or upgrade by an administrator, related to the product's attempt to… | |||
| CVE-2008-2941 | 0.00 | — | 0.01 | Aug 14, 2008 | The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending "msg=0" to TCP port 2207. | |||
| CVE-2008-2940 | 0.00 | — | 0.00 | Aug 14, 2008 | The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event… |
- risk 0.53cvss 8.1epss 0.06
The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads.
- risk 0.37cvss 5.7epss 0.00
The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow.
- CVE-2011-2697Jul 29, 2011risk 0.01cvss —epss 0.11
foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.
- CVE-2013-6427Dec 9, 2013risk 0.00cvss —epss 0.04
upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.
- CVE-2013-4325Sep 23, 2013risk 0.00cvss —epss 0.00
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess…
- CVE-2009-0122Jan 15, 2009risk 0.00cvss —epss 0.01
hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8.2 on Ubuntu allows local users to change the ownership of arbitrary files via unspecified manipulations in advance of an HPLIP installation or upgrade by an administrator, related to the product's attempt to…
- CVE-2008-2941Aug 14, 2008risk 0.00cvss —epss 0.01
The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending "msg=0" to TCP port 2207.
- CVE-2008-2940Aug 14, 2008risk 0.00cvss —epss 0.00
The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event…