Vulnerabilities > HP > Linux Imaging and Printing Project
DATE | CVE | VULNERABILITY TITLE AND DESCRIPTION | RISK |
---|---|---|---|
2014-02-15 | CVE-2012-6108 | Permissions, Privileges, and Access Controls vulnerability in HP Linux Imaging and Printing Project: HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writable permissions for /var/log/hp and /var/log/hp/tmp, which allows local users to delete log files via standard filesystem operations. | 2.1 |
2014-01-05 | CVE-2013-6402 | Link Following vulnerability in HP Linux Imaging and Printing Project: base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file. | 2.1 |
2013-12-09 | CVE-2013-6427 | Code Injection vulnerability in HP Linux Imaging and Printing Project: upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream. | 6.8 |
2013-09-23 | CVE-2013-4325 | Permissions, Privileges, and Access Controls vulnerability in HP Linux Imaging and Printing Project: The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process. | 6.9 |
2011-07-29 | CVE-2011-2697 | Improper Input Validation vulnerability in HP Linux Imaging and Printing Project 3.11.5: foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file. | 6.8 |
2011-01-20 | CVE-2010-4267 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in HP Linux Imaging and Printing Project 1.6.7/3.10.9/3.9.8: Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value. | 7.5 |
2008-08-14 | CVE-2008-2941 | Improper Input Validation vulnerability in HP Linux Imaging and Printing Project 1.6.7: The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending "msg=0" to TCP port 2207. | 4.9 |
2008-08-14 | CVE-2008-2940 | Permissions, Privileges, and Access Controls vulnerability in HP Linux Imaging and Printing Project 1.6.7: The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message. | 7.2 |
2007-10-13 | CVE-2007-5208 | Improper Input Validation vulnerability in HP Linux Imaging and Printing Project 1.0/2.0/2.7.10: hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail. | 7.6 |