VYPR

Vendor CVEs

Vasion

All CVEs

94 total · sorted by risk
  • CVE-2025-27660MedMar 5, 2025
    risk 0.35cvss 5.4epss 0.00

    Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross Site Scripting OVE-20230524-0003.

  • CVE-2025-34205Sep 19, 2025
    risk 0.01cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (VA and SaaS deployments) contains dangerous PHP dead code present in multiple Docker-hosted PHP instances. A script named /var/www/app/resetroot.php (found…

  • CVE-2025-34210Oct 2, 2025
    risk 0.00cvss epss 0.00

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store a large number of sensitive credentials (database passwords, MySQL root password, SaaS keys, Portainer admin password, etc.) in cleartext files that are world-readable. Any…

  • CVE-2025-34208Oct 2, 2025
    risk 0.00cvss epss 0.00

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store user passwords using unsalted SHA-512 hashes with a fall-back to unsalted SHA-1. The hashing is performed via PHP's `hash()` function in multiple files…

  • CVE-2025-34217Sep 30, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) contain an undocumented 'printerlogic' user with a hardcoded SSH public key in '~/.ssh/authorized_keys' and a sudoers rule granting the printerlogic_ssh group 'NOPASSWD: ALL'.…

  • CVE-2025-34235Sep 29, 2025
    risk 0.00cvss epss 0.00

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (Windows client deployments) contain a registry key that can be enabled by administrators, causing the client to skip SSL/TLS certificate validation.…

  • CVE-2025-34221Sep 29, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 25.2.1518 (VA/SaaS deployments) expose every internal Docker container to the network because firewall rules allow unrestricted traffic to the Docker bridge…

  • CVE-2025-34215Sep 29, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (only VA deployments) expose an unauthenticated firmware-upload flow: a public page returns a signed token usable at va-api/v1/update, and every…

  • CVE-2025-34224Sep 29, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose a set of PHP scripts under the `console_release` directory without requiring authentication. An unauthenticated…

  • CVE-2025-34220Sep 29, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contains a /api-gateway/identity/search-groups endpoint that does not require authentication. Requests to…

  • CVE-2025-34222Sep 29, 2025
    risk 0.00cvss epss 0.00

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose four admin routes – /admin/hp/cert_upload, /admin/hp/cert_delete, /admin/certs/ca, and…

  • CVE-2025-34228Sep 29, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The `/var/www/app/console_release/lexmark/update.php` script is…

  • CVE-2025-34229Sep 29, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/console_release/hp/installApp.…

  • CVE-2025-34230Sep 29, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/console_release/hp/log_off_single…

  • CVE-2025-34231Sep 29, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind and non-blind server-side request forgery (SSRF) vulnerability. The '/var/www/app/console_release/hp/badgeSetup…

  • CVE-2025-34225Sep 29, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The `console_release` directory is reachable from the internet…

  • CVE-2025-34216Sep 29, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (VA deployments only) expose a set of unauthenticated REST API endpoints that return configuration files and clear‑text passwords. The same…

  • CVE-2025-34233Sep 29, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a protection mechanism failure vulnerability within the file_get_contents() function. When an administrator configures…

  • CVE-2025-34207Sep 29, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 (VA and SaaS deployments) configure the SSH client within Docker instances with the following options: `UserKnownHostsFile=/dev/null`, `StrictHostKeyChecking=no`,…

  • CVE-2025-34223Sep 29, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) contain a default admin account and an installation‑time endpoint at `/admin/query/update_database.php` that can be…

  • CVE-2025-34212Sep 29, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 (VA/SaaS deployments) possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the VirtualBox Extension Pack over plain…

  • CVE-2025-34211Sep 29, 2025
    risk 0.00cvss epss 0.00

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA and SaaS deployments) contain a private SSL key and matching public certificate stored in cleartext. The key belongs to the hostname…

  • CVE-2025-34209Sep 29, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 (VA and SaaS deployments) contain Docker images with the private GPG key and passphrase for the account *no‑reply+virtual‑appliance@printerlogic.com*. The key…

  • CVE-2025-34234Sep 29, 2025
    risk 0.00cvss epss 0.00

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain two hardcoded private keys that are shipped in the application containers (printerlogic/pi,…

  • CVE-2025-34218Sep 29, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta endpoint which lists…

  • CVE-2025-34232Sep 29, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/console_release/lexmark/dellCheck…

  • CVE-2025-34196Sep 29, 2025
    risk 0.00cvss epss 0.00

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 (Windows client deployments) contain a hardcoded private key for the PrinterLogic Certificate Authority (CA) and a hardcoded password in product…

  • CVE-2025-34191Sep 19, 2025
    risk 0.00cvss epss 0.00

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (macOS/Linux client deployments) contain an arbitrary file write vulnerability via the response file handling. When tasks produce output the service writes…

  • CVE-2025-34190Sep 19, 2025
    risk 0.00cvss epss 0.00

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (macOS/Linux client deployments) are vulnerable to an authentication bypass in PrinterInstallerClientService. The service requires root privileges…

  • CVE-2025-34202Sep 19, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 (VA and SaaS deployments) expose Docker internal networks in a way that allows an attacker on the same external L2 segment — or an attacker able to add routes using…

  • CVE-2025-34189Sep 19, 2025
    risk 0.00cvss epss 0.00

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local inter-process communication (IPC) mechanism. The software stores IPC request…

  • CVE-2025-34206Sep 19, 2025
    risk 0.00cvss epss 0.00

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host configuration and secret material under /var/www/efs_storage into many Docker containers with overly-permissive filesystem permissions. Files such as secrets.env,…

  • CVE-2025-34199Sep 19, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049 and Application versions prior to 20.0.2786 (VA and SaaS deployments) contain insecure defaults and code patterns that disable TLS/SSL certificate verification for communications to printers…

  • CVE-2025-34193Sep 19, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 include Windows client components (PrinterInstallerClientInterface.exe, PrinterInstallerClient.exe, PrinterInstallerClientLauncher.exe) that lack…

  • CVE-2025-34201Sep 19, 2025
    risk 0.00cvss epss 0.00

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) run many Docker containers on shared internal networks without firewalling or segmentation between instances. A compromise of any single container allows direct access to…

  • CVE-2025-34188Sep 19, 2025
    risk 0.00cvss epss 0.00

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local logging mechanism. Authentication session tokens, including PHPSESSID, XSRF-TOKEN, and…

  • CVE-2025-34194Sep 19, 2025
    risk 0.00cvss epss 0.00

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (Windows client deployments) contain an insecure temporary-file handling vulnerability in the PrinterInstallerClient components. The software…

  • CVE-2025-34200Sep 19, 2025
    risk 0.00cvss epss 0.00

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) provision the appliance with the network account credentials in clear-text inside /etc/issue, and the file is world-readable by default. An attacker with local shell access can…

  • CVE-2025-34204Sep 19, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) contains multiple Docker containers that run primary application processes (for example PHP workers, Node.js servers and custom binaries) as the root user. This increases the…

  • CVE-2025-34198Sep 19, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951 and Application prior to 20.0.2368 (VA and SaaS deployments) contain shared, hardcoded SSH host private keys in the appliance image. The same private host keys (RSA, ECDSA, and ED25519) are…

  • CVE-2025-34197Sep 19, 2025
    risk 0.00cvss epss 0.00

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 (VA and SaaS deployments) contain an undocumented local user account named ubuntu with a preset password and a sudoers entry granting that account passwordless…

  • CVE-2025-34192Sep 19, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL 1.0.2h-fips (released May 2016), which has been end-of-life since 2019 and is no longer…

  • CVE-2025-34195Sep 19, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (Windows client deployments) contain a remote code execution vulnerability during driver installation caused by unquoted program paths. The…

  • CVE-2025-34203Sep 19, 2025
    risk 0.00cvss epss 0.01

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614 (VA and SaaS deployments) contain multiple Docker containers that include outdated, end-of-life, unsupported, or otherwise vulnerable third-party…

Page 2 of 2