Virtual Appliance Host
by Vasion
CVEs (78)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-27642 | Cri | 0.64 | 9.8 | 0.01 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Unauthenticated Driver Package Editing V-2024-008. | ||
| CVE-2025-27641 | Cri | 0.64 | 9.8 | 0.01 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.951 Application 20.0.2368 allows Unauthenticated APIs for Single-Sign On V-2024-009. | ||
| CVE-2025-27640 | Cri | 0.64 | 9.8 | 0.01 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows SQL Injection V-2024-012. | ||
| CVE-2025-27638 | Cri | 0.64 | 9.8 | 0.01 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Hardcoded Password V-2024-013. | ||
| CVE-2025-27673 | Cri | 0.59 | 9.1 | 0.01 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cookie Returned in Response Body OVE-20230524-0017. | ||
| CVE-2025-27661 | Cri | 0.59 | 9.1 | 0.00 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Session Fixation OVE-20230524-0004. | ||
| CVE-2025-27683 | Hig | 0.57 | 8.8 | 0.01 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Driver Unrestricted Upload of File with Dangerous Type V-2022-006. | ||
| CVE-2025-27664 | Hig | 0.57 | 8.8 | 0.00 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient CSRF Protection OVE-20230524-0008. | ||
| CVE-2025-27644 | Hig | 0.51 | 7.8 | 0.00 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Local Privilege Escalation V-2024-007. | ||
| CVE-2025-27685 | Hig | 0.49 | 7.5 | 0.00 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Configuration File Contains CA & Private Key V-2022-001. | ||
| CVE-2025-27684 | Hig | 0.49 | 7.5 | 0.01 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Debug Bundle Contains Sensitive Data V-2022-003. | ||
| CVE-2025-27669 | Hig | 0.49 | 7.5 | 0.01 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Remote Network Scanning (XSPA)/DoS OVE-20230524-0013. | ||
| CVE-2025-27654 | Med | 0.40 | 6.1 | 0.00 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Cross Site Scripting (XSS) V-2023-017. | ||
| CVE-2025-27653 | Med | 0.40 | 6.1 | 0.00 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Preauthenticated Cross Site Scripting (XSS): Badge Registration V-2023-012. | ||
| CVE-2025-27637 | Med | 0.40 | 6.1 | 0.00 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Cross-Site Scripting V-2024-016. | ||
| CVE-2025-27660 | Med | 0.35 | 5.4 | 0.00 | Mar 5, 2025 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross Site Scripting OVE-20230524-0003. | ||
| CVE-2025-34205 | 0.01 | — | 0.01 | Sep 19, 2025 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (VA and SaaS deployments) contains dangerous PHP dead code present in multiple Docker-hosted PHP instances. A script named /var/www/app/resetroot.php (found… | |||
| CVE-2025-34210 | 0.00 | — | 0.00 | Oct 2, 2025 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store a large number of sensitive credentials (database passwords, MySQL root password, SaaS keys, Portainer admin password, etc.) in cleartext files that are world-readable. Any… | |||
| CVE-2025-34208 | 0.00 | — | 0.00 | Oct 2, 2025 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store user passwords using unsalted SHA-512 hashes with a fall-back to unsalted SHA-1. The hashing is performed via PHP's `hash()` function in multiple files… | |||
| CVE-2025-34217 | 0.00 | — | 0.01 | Sep 30, 2025 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) contain an undocumented 'printerlogic' user with a hardcoded SSH public key in '~/.ssh/authorized_keys' and a sudoers rule granting the printerlogic_ssh group 'NOPASSWD: ALL'.… |
- risk 0.64cvss 9.8epss 0.01
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Unauthenticated Driver Package Editing V-2024-008.
- risk 0.64cvss 9.8epss 0.01
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.951 Application 20.0.2368 allows Unauthenticated APIs for Single-Sign On V-2024-009.
- risk 0.64cvss 9.8epss 0.01
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows SQL Injection V-2024-012.
- risk 0.64cvss 9.8epss 0.01
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Hardcoded Password V-2024-013.
- risk 0.59cvss 9.1epss 0.01
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cookie Returned in Response Body OVE-20230524-0017.
- risk 0.59cvss 9.1epss 0.00
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Session Fixation OVE-20230524-0004.
- risk 0.57cvss 8.8epss 0.01
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Driver Unrestricted Upload of File with Dangerous Type V-2022-006.
- risk 0.57cvss 8.8epss 0.00
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient CSRF Protection OVE-20230524-0008.
- risk 0.51cvss 7.8epss 0.00
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Local Privilege Escalation V-2024-007.
- risk 0.49cvss 7.5epss 0.00
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Configuration File Contains CA & Private Key V-2022-001.
- risk 0.49cvss 7.5epss 0.01
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Debug Bundle Contains Sensitive Data V-2022-003.
- risk 0.49cvss 7.5epss 0.01
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Remote Network Scanning (XSPA)/DoS OVE-20230524-0013.
- risk 0.40cvss 6.1epss 0.00
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Cross Site Scripting (XSS) V-2023-017.
- risk 0.40cvss 6.1epss 0.00
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Preauthenticated Cross Site Scripting (XSS): Badge Registration V-2023-012.
- risk 0.40cvss 6.1epss 0.00
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Cross-Site Scripting V-2024-016.
- risk 0.35cvss 5.4epss 0.00
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross Site Scripting OVE-20230524-0003.
- CVE-2025-34205Sep 19, 2025risk 0.01cvss —epss 0.01
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (VA and SaaS deployments) contains dangerous PHP dead code present in multiple Docker-hosted PHP instances. A script named /var/www/app/resetroot.php (found…
- CVE-2025-34210Oct 2, 2025risk 0.00cvss —epss 0.00
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store a large number of sensitive credentials (database passwords, MySQL root password, SaaS keys, Portainer admin password, etc.) in cleartext files that are world-readable. Any…
- CVE-2025-34208Oct 2, 2025risk 0.00cvss —epss 0.00
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store user passwords using unsalted SHA-512 hashes with a fall-back to unsalted SHA-1. The hashing is performed via PHP's `hash()` function in multiple files…
- CVE-2025-34217Sep 30, 2025risk 0.00cvss —epss 0.01
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) contain an undocumented 'printerlogic' user with a hardcoded SSH public key in '~/.ssh/authorized_keys' and a sudoers rule granting the printerlogic_ssh group 'NOPASSWD: ALL'.…
Page 2 of 4