3884 matches found
Lexmark Printers - Command Injection
Certain Lexmark devices through 2023-02-19 mishandle Input Validation issue 1 of 4. id: CVE-2023-26067 info: name: Lexmark Printers - Command Injection author: DhiyaneshDK severity: high description: | Certain Lexmark devices through 2023-02-19 mishandle Input Validation issue 1 of 4. impact: |...
Honeywell PM43 Printers - Command Injection
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM Printer web page modules allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 e.g. P10.19.050006 id:...
Sharp Multifunction Printers - Directory Listing
It was observed that Sharp printers are vulnerable to an arbitrary directory listing without authentication. Any attacker can list any directory located in the printer and recover any file. id: CVE-2024-33605 info: name: Sharp Multifunction Printers - Directory Listing author: gy741 severity: hig...
Kyocera Printer d-COPIA253MF - Directory Traversal
Kyocera Printer d-COPIA253MF plus is susceptible to a directory traversal vulnerability which could allow an attacker to retrieve or view arbitrary files from the affected server. id: CVE-2020-23575 info: name: Kyocera Printer d-COPIA253MF - Directory Traversal author: 0xAkoko severity: high...
CVE-2026-55004
Double free in Microsoft Printer Drivers allows an authorized attacker to elevate privileges locally...
CVE-2026-49166
Use after free in Microsoft Printer Drivers allows an authorized attacker to elevate privileges locally...
CVE-2026-55004
CVE-2026-55004 corresponds to a local privilege-elevation flaw described as a double-free in Microsoft Printer Drivers. The CVSSv3.1 score is 7.8 (High) with local attack vector, low attack complexity, and privileges required, no user interaction, impacting confidentiality, integrity, and availab...
CVE-2026-55000
CVE-2026-55000 affects the Windows USB Print Driver and is a use-after-free vulnerability that enables an unauthorized attacker to elevate privileges with physical access. CVSS 3.1: AV=P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (base score 6.4, MEDIUM). Exploitation is described as physical access with no ...
CVE-2026-49166
CVE-2026-49166: Use-after-free in Microsoft Printer Drivers allows an authorized attacker to elevate privileges locally. Affected component is Microsoft Printer Drivers; root cause is a use-after-free condition. Exploitation status is not detailed in the provided documents. Base CVSS v3.1 score i...
Windows Print Configuration Elevation of Privilege Vulnerability
Double free in Microsoft Printer Drivers allows an authorized attacker to elevate privileges locally...
HP Deskjet 2800 Printer Series Webservers contain Missing Authorization Vulnerability
Overview HP Printers in the Deskjet 2800 Series running firmware version =TBP1CN2612AR contain a missing authorization vulnerability tracked as CVE-2026-13753. This vulnerability allows unauthenticated access to the printer's webserver API endpoints, exposing Wi-Fi credentials, management...
USN-8483-1: HPLIP vulnerabilities
It was discovered that HPLIP incorrectly handled certain print data. An attacker could possibly use this issue to cause HPLIP to execute arbitrary code. CVE-2026-8631 It was discovered that HPLIP incorrectly handled certain inputs. A local attacker could possibly use this issue to execute arbitra...
Astra Linux – Vulnerability in cups
OpenPrinting CUPS is an open-source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.17, a network-attached attacker could send a crafted SNMP response to the CUPS SNMP backend, causing an out-of-bounds read of up to 176 bytes beyond the stack buffer. The leak...
Astra Linux – Vulnerability in cups
OpenPrinting CUPS is an open-source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and earlier, a local unprivileged user could force cupsd to authenticate against a localhost IPP service controlled by the attacker, using a reusable “Authorization: Local…”...
Astra Linux – Vulnerability in cups
OpenPrinting CUPS is an open-source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and earlier, the RSS notifier allowed path traversal in notify-recipient-uri e.g., rss:///../job.cache, enabling a remote IPP client to write RSS XML bytes outside of CacheDir/r...
Oracle Linux 9 : samba (ELSA-2026-25049)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-25049 advisory. - Security release for CVE-2026-1933 CVE-2026-2340 CVE-2026-3012 CVE-2026-4480 CVE-2026-40170 CVE-2026-4408 - resolves: RHEL-156319 - CVE-2026-1933...
CVE-2026-6645 Insecure Search Path Vulnerability in PaperCut Print Deploy Client for Windows
An insecure process execution vulnerability exists in the pc-printer-updater.exe component of the PaperCut Print Deploy Client for Windows. The application, which typically operates with high-level system privileges, attempts to perform an internal validation check by invoking a secondary system...
RockyLinux 10 : hplip (RLSA-2026:26228)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26228 advisory. HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection CVE-2026-8632 HPLIP: HPLIP: Arbitrary code...
Astra Linux – Vulnerability in Linux
A vulnerability was discovered in the Linux kernel. In the function printerioctl, there is an attempt to access a printerdev instance that has been deallocated. However, a use-after-free issue arises because the memory was previously freed by the gprinterfree function...
RLSA-2026:26297 Important: hplip security update
The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project HPLIP, which provides drivers for Hewlett-Packard printers and multi-function peripherals. Security Fixes: HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection...