HPSBPI03610 rev. 1 - HP LaserJet Enterprise Printers, HP PageWide Enterprise Printers, HP LaserJet Managed Printers, HP OfficeJet Enterprise Printers, Execution of Arbitrary Code

Potential Security Impact Execution of arbitrary code VULNERABILITY SUMMARY Insufficient solution bundle signature validation potentially allows execution of arbitrary code. RESOLUTION Perform the following two steps to mitigate the vulnerability. Step 1: Update the printer firmware Update firmwa...

The vulnerability of the fly-admin-printer package allows unauthorized changes to the general access settings for printers on the Astra Linux operating system. This vulnerability enables a hacker to modify these settings without authorization.

The vulnerability of the fly-admin-printer package for configuring the printing system and printer options in the Astra Linux operating system is related to incorrect configuration of general access parameters. Exploiting this vulnerability may allow a malicious individual to unauthorizedly modif...

The vulnerability of the hp-plugin driver for HPLIP printers allows a hacker to execute arbitrary code.

The vulnerability of the hp-plugin driver for HPLIP printers is related to the use of a short key identifier GPG from the key server, which is used to verify the loading of the printing plugin. Exploiting this vulnerability allows an attacker to execute arbitrary code...

August 30, 2018—KB4346783 (OS Build 17134.254)

August 30, 2018—KB4346783 OS Build 17134.254 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue in Microsoft Foundation Class applications that may cause applications to...

Can your Printer Hack your Secrets: Appweb Authorization Bypass

How IoT can pave the way for data breaches: Understanding the Appweb Authorization Bypass An engineering POV into everyday vulnerability. The everyday things you rely on may leave you vulnerable to attack. And it may not be the things themselves, but what is hiding inside. Are your IoT devices,...

openSUSE Security Update : libqt5-qtbase (openSUSE-2019-265)

This update for libqt5-qtbase provides the following fixes : Security issues fixed : - CVE-2018-15518: Fixed double free in QXmlStreamReader bsc1118595 - CVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler bsc1118596 Non-security issues fixed : - Fix dynamic loading of...

Security update for libqt5-qtbase (moderate)

openSUSE Security Update: Security update for libqt5-qtbase Announcement ID: openSUSE-SU-2019:0265-1 Rating: moderate References: 1096328 1099874 1108889 1118595 1118596 1120639 Cross-References: CVE-2018-15518 CVE-2018-19873 Affected Products: openSUSE Leap 15.0 An update that solves two...

SUSE SLED15 / SLES15 Security Update : libqt5-qtbase (SUSE-SU-2019:0447-1)

This update for libqt5-qtbase provides the following fixes : Security issues fixed : CVE-2018-15518: Fixed double free in QXmlStreamReader bsc1118595 CVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler bsc1118596 Non-security issues fixed: Fix dynamic loading of libGL...

Lexmark Printer Shortcut Integrity Vulnerability (CVE-2019-6489)

Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices allow remote attackers to erase stored shortcuts. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

openSUSE Security Update : java-11-openjdk (openSUSE-2019-161)

This update for java-11-openjdk to version 11.0.2+7 fixes the following issues : Security issues fixed : - CVE-2019-2422: Better FileChannel transfer performance bsc1122293 - CVE-2019-2426: Improve web server connections - CVE-2018-11212: Improve JPEG processing bsc1122299 - Better route routing ...

Security update for java-11-openjdk (important)

openSUSE Security Update: Security update for java-11-openjdk Announcement ID: openSUSE-SU-2019:0161-1 Rating: important References: 1120431 1122293 1122299 Cross-References: CVE-2018-11212 CVE-2019-2422 CVE-2019-2426 Affected Products: openSUSE Leap 15.0 An update that fixes three vulnerabilitie...

The vulnerability of the fly-admin-printer-mac utility in the Astra Linux operating system, which allows a hacker to gain access to confidential data

The vulnerability of the fly-admin-printer-mac utility in the Astra Linux operating system relates to the printing of content from the GECOS field instead of the user’s domain username. Exploiting this vulnerability can allow an attacker to gain access to confidential data...

Default printer not auto-created on VDIs with WEM agent installed.

When configuring client printers auto-creation with Default printer policy enabled from XenDesktop Studio console, the default printer is not created in ICA session launched on machines with WEM agent installed...

HP DesignJet Printer Web Interface Detection

Binary data hpdesignjetwebinterfacedetect.nbin...

Medium: samba

Issue Overview: A null pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash. CVE-2018-1050 A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory...

PRETty - "PRinter Exploitation Toolkit" LAN Automation Tool

PRETty is useful when a large number of printers are present on a network. Instead of scanning, logging, and manually running PRET againt each individual printer, PRETty will automatically discover and run choosen PRET payloads against all printers on the target network. Additionally, PRETty can ...

Xerox Printer Detection Consolidation

Consolidation of Xerox printer detections. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Xerox Printer Detection (SNMP)

SNMP based detection of Xerox printer devices. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Epson WorkForce WF-2861 Denial of Service Vulnerability (CNVD-2019-43855)

The Epson WorkForce WF-2861 is a Wi-Fi duplex MFP inkjet printer. An amplification attack vulnerability exists in the Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6, 10.52.LQ17IA. The vulnerability stems from the device using SNMP to look up certain devices on the network. An attacker could...

Epson WorkForce WF-2861 Firmware Update License Vulnerability

The Epson WorkForce WF-2861 is a Wi-Fi duplex MFP inkjet printer. A firmware update authorization vulnerability exists in the Web services of the Epson WorkForce WF-2861 10.48 LQ22I3 recovery mode, WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA. A remote attacker can exploit this vulnerability to...