Unauthorized access vulnerability in HP ENVY 5530 e-All-in-One Printer series
The HP ENVY 5530 e-All-in-One Printer series is an all-in-one printer from HP Trading Shanghai Co. An unauthorized access vulnerability exists in the HP ENVY 5530 e-All-in-One Printer series, which can be exploited by an attacker to gain direct access to the printer control interface...
Unauthorized access vulnerability in HP ENVY 5540 All-in-One Printer series printers
The HP ENVY 5540 All-in-One Printer series is an all-in-one printer from HP. An unauthorized access vulnerability exists in the HP ENVY 5540 All-in-One Printer series, which can be exploited by an attacker to gain direct access to the printer control interface without logging in...
Unauthorized Access Vulnerability in HP-ENVY-7640 at Hewlett-Packard Trading (Shanghai) Co.
The HP-ENVY-7640 series printer is an all-in-one printer from HP. An unauthorized access vulnerability exists in the HP-ENVY-7640, which can be exploited by an attacker to gain direct access to the printer control interface without logging in...
Unauthorized Access Vulnerability in Dell 3130cn Color Laser
The Dell 3130cn Color Laser is a printer from Dell. An unauthorized access vulnerability exists in the Dell 3130cn Color Laser, which can be exploited by an attacker to obtain sensitive information...
Vulnerability Spotlight: Code execution vulnerabilities in PrusaSlicer
Lilith of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two out-of-bounds write vulnerabilities in Prusa Research’s PrusaSlicer. Prusa Slicer is an open-source 3-D printer slicing program forked off Slic3r that can convert various 3-D... This i...
Prusa Research PrusaSlicer Admesh stl_fix_normal_directions() out-of-bounds write vulnerability
Summary: An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
Prusa Research PrusaSlicer Objparser::objparse() stack-based buffer overflow vulnerability
Summary: A stack-based buffer overflow vulnerability exists in the Objparser::objparse functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
Prusa Research PrusaSlicer Obj.cpp load_obj() out-of-bounds write vulnerability
Summary: An out-of-bounds write vulnerability exists in the Obj.cpp load_obj functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Tested Version...
CVE-2019-10881
The CVE-2019-10881 entry concerns Xerox AltaLink devices (B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070) with firmware before 103.xxx.030.32000. A root cause is two hard-coded weak accounts that cannot be disabled and that enable unauthorized access. Impact is high: unauthenticate...
Unauthorized Access Vulnerability in HP Officejet Pro Printer Management Page
Hewlett-Packard Trading Shanghai Co., Ltd. was registered and established on February 8, 1999 in the Market Supervision Administration of the Free Trade Zone. The company's business scope includes computer equipment, printing equipment, imaging equipment, electronic products and related parts of...
CVE-2021-28671
Xerox Phaser 6510 before 64.65.51 and 64.59.11 Bridge, WorkCentre 6515 before 65.65.51 and 65.59.11 Bridge, VersaLink B400 before 37.65.51 and 37.59.01 Bridge, B405 before 38.65.51 and 38.59.01 Bridge, B600/B610 before 32.65.51 and 32.59.01 Bridge, B605/B615 before 33.65.51 and 33.59.01 Bridge,...
Buffer overflow
Xerox Phaser 6510 before 64.65.51 and 64.59.11 Bridge, WorkCentre 6515 before 65.65.51 and 65.59.11 Bridge, VersaLink B400 before 37.65.51 and 37.59.01 Bridge, B405 before 38.65.51 and 38.59.01 Bridge, B600/B610 before 32.65.51 and 32.59.01 Bridge, B605/B615 before 33.65.51 and 33.59.01 Bridge,...
CVE-2021-28668
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities...
HPSBPI03723 rev. 1 - Certain HP LaserJet, HP LaserJet Pro, HP PageWide, HP PageWide Pro, HP inkjet, HP OfficeJet software and certain applications - Arbitrary code execution
Potential Security Impact: Arbitrary code execution. Source: HP, HP Product Security Response Team (PSRT). Reported by: Honc, Arno Tsai, Subodh Kumar. VULNERABILITY SUMMARY: During installation with certain driver software or application packages an arbitrary code execution could occur. RESOLUTION: HP ha...
March 15, 2021—KB5001568 (OS Build 17763.1821) Out-of-band
March 15, 2021—KB5001568 (OS Build 17763.1821) Out-of-band. 2/16/21 IMPORTANT: As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanentl...
March 15, 2021—KB5001567 (OS Builds 19041.868 and 19042.868) Out-of-band
March 15, 2021—KB5001567 (OS Builds 19041.868 and 19042.868) Out-of-band. 2/24/21 IMPORTANT: As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash...
March 15, 2021—KB5001566 (OS Build 18363.1441) Out-of-band
March 15, 2021—KB5001566 (OS Build 18363.1441) Out-of-band. 2/16/21 IMPORTANT: As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanentl...
EulerOS Virtualization for ARM 64 3.0.2.0 : cups (EulerOS-SA-2021-1379)
According to the version of the cups package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: In arrayfind of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local...
CVE-2019-18630
On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted, thus leaving it open to potential cryptographic information disclosure...
Information disclosure
On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted, thus leaving it open to potential cryptographic information disclosure...