Lucene search
+L
VasionVirtual Appliance Host

43 matches found

CVE
CVE
added 2025/09/19 6:36 p.m.54 views

CVE-2025-34203

Vasion Print Virtual Appliance Host <22.0.1002 and Vasion Print Application

9.8CVSS6.5AI score0.00813EPSS
CVE
CVE
added 2025/09/29 8:36 p.m.45 views

CVE-2025-34211

Vasion Print Virtual Appliance Host (pre-22.0.1049) and Application (pre-20.0.2786) store a private SSL key and its public certificate in cleartext, using the same pl-local.com key across all deployments. With container access, an attacker can read the key to decrypt TLS traffic, perform MITM, or...

9.3CVSS6.2AI score0.00367EPSS
CVE
CVE
added 2025/09/29 8:34 p.m.43 views

CVE-2025-34234

Summary: CVE-2025-34234 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.1.102 and Application prior to 25.1.1413. Two hardcoded private keys are shipped inside application containers (printerlogic/pi, printerlogic/printer-admin-api, printercloud/pi) and stored in p...

9.2CVSS6.3AI score0.00382EPSS
CVE
CVE
added 2025/09/19 6:51 p.m.36 views

CVE-2025-34190

Vasion Print (PrinterLogic) PrinterInstallerClientService is affected by an authentication bypass through LD_PRELOAD hooking of geteuid, enabling local privilege escalation. Affected versions include Virtual Appliance Host prior to 25.1.102 and Application (macOS/Linux client deployments) prior t...

8.5CVSS7AI score0.00403EPSS
CVE
CVE
added 2025/09/19 6:39 p.m.34 views

CVE-2025-34192

CVE-2025-34192 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host < 22.0.893 and Application

9.8CVSS6.5AI score0.00898EPSS
CVE
CVE
added 2025/09/19 6:46 p.m.34 views

CVE-2025-34194

Vasion Print (PrinterLogic) Virtual Appliance Host (pre-25.1.102) and Windows client deployments (pre-25.1.1413) are affected by an insecure temporary-file handling issue in the PrinterInstallerClient component. The software creates files as NT AUTHORITY\SYSTEM inside a user-controlled Temp path ...

8.5CVSS6.4AI score0.00286EPSS
CVE
CVE
added 2025/09/29 8:42 p.m.34 views

CVE-2025-34224

Vasion Print (formerly PrinterLogic) Virtual Appliance Host (VA) and Application (VA/SaaS deployments) are affected. Prior to versions 22.0.1049 (Host) and 20.0.2786 (Application) expose PHP scripts under the console_release directory without authentication. An unauthenticated attacker can invoke...

10CVSS6.8AI score0.00914EPSS
CVE
CVE
added 2025/09/19 6:50 p.m.33 views

CVE-2025-34202

CVE-2025-34202 affects Vasion Print (Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518). The issue stems from exposing Docker internal networks, enabling an attacker on the same external L2 segment or one who can route via the appliance to reach container IPs directly. T...

8.8CVSS7.4AI score0.00918EPSS
CVE
CVE
added 2025/09/19 6:41 p.m.32 views

CVE-2025-34204

Summary: CVE-2025-34204 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments). Multiple Docker containers run core processes (e.g., PHP workers, Node.js servers, custom binaries) as root, increasing blast radius if a container is breached an...

9.8CVSS6.7AI score0.00632EPSS
CVE
CVE
added 2025/09/29 8:39 p.m.31 views

CVE-2025-34225

Vasion Print (PrinterLogic) Virtual Appliance Host before 25.1.102 and Application before 25.1.1413 suffer SSRF via an unauthenticated console_release directory. Dozens of PHP scripts build URLs from user-controlled input and invoke curl_exec() or file_get_contents() without sufficient validation...

8.8CVSS6.7AI score0.00764EPSS
Web
CVE
CVE
added 2025/09/19 6:51 p.m.30 views

CVE-2025-34191

Vulnerability CVE-2025-34191 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Vasion Print Application versions prior to 20.0.1923 (macOS/Linux client deployments). The issue is an arbitrary file write via response file handling: tasks write respo...

8.5CVSS6.6AI score0.0028EPSS
CVE
CVE
added 2025/09/19 6:47 p.m.29 views

CVE-2025-34201

The CVE-2025-34201 entry concerns Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application used in VA/SaaS deployments. It states that Docker containers are run on shared internal networks without firewalling or segmentation between instances, so a compromise of any single cont...

8.5CVSS6.5AI score0.00271EPSS
CVE
CVE
added 2025/09/19 6:50 p.m.29 views

CVE-2025-34205

Vusion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.843 and Application prior to 20.0.1923 contain dangerous PHP dead code. The file /var/www/app/resetroot.php lacks authentication, enabling an attacker to reset the MySQL root password and gain full database control; separat...

9.8CVSS8.6AI score0.01322EPSS
CVE
CVE
added 2025/09/29 8:41 p.m.29 views

CVE-2025-34229

Vulsion: Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.1.102 and Application prior to 25.1.1413 contain a blind SSRF via /var/www/app/console_release/hp/installApp.php. An unauthenticated attacker can cause the system to request internal host addresses (built as http://:...

6.9CVSS6.8AI score0.00495EPSS
Web
CVE
CVE
added 2025/09/19 6:49 p.m.28 views

CVE-2025-34189

Vasion Print Virtual Appliance Host <1.0.735 and Vasion Print Application

7.8CVSS6.2AI score0.00231EPSS
Web
CVE
CVE
added 2025/09/19 6:48 p.m.27 views

CVE-2025-34199

Vasion Print Virtual Appliance Host (pre-22.0.1049) and Vasion Print Application (pre-20.0.2786) expose insecure TLS usage due to disabling verification. Specifically, the code disables CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER and uses environment variables (e.g., API_*_VERIFYSSL=false) ...

9.3CVSS6.7AI score0.0051EPSS
CVE
CVE
added 2025/09/29 8:35 p.m.27 views

CVE-2025-34209

Vusion Print (formerly PrinterLogic) VAs/VAaaS are affected: Docker images for Virtual Appliance Host <22.0.862 and Application

9.4CVSS6.5AI score0.00656EPSS
CVE
CVE
added 2025/09/29 8:34 p.m.27 views

CVE-2025-34218

Vasion Print Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 expose internal Docker containers via the gw Docker instance. The gateway’s /meta endpoint lists micro‑services and versions, and the containers are reachable over HTTP/HTTPS without ACLs, authentication, or...

10CVSS6.9AI score0.00936EPSS
CVE
CVE
added 2025/09/29 8:42 p.m.27 views

CVE-2025-34220

Vasion Print (VA and SaaS) is affected by CVE-2025-34220 due to an unauthenticated /api-gateway/identity/search-groups endpoint. The issue allows enumeration of group objects for a tenant, exposing fields such as group IDs, source service IDs, Azure AD object IDs, creation timestamps, and tenant ...

6.9CVSS6.5AI score0.0065EPSS
Web
CVE
CVE
added 2025/09/19 6:46 p.m.26 views

CVE-2025-34188

CVE-2025-34188 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 1.0.735 and Vasion Print Application prior to 20.0.1330 (macOS/Linux deployments). The root cause is a vulnerability in the local logging mechanism that stores authentication session tokens (PHPSESSID, XSR...

8.4CVSS6AI score0.00287EPSS
CVE
CVE
added 2025/09/19 6:38 p.m.26 views

CVE-2025-34195

The CVE-2025-34195 entry describes a remote code execution in Vasion Print (formerly PrinterLogic) Virtual Appliance Host (versions prior to 1.0.735) and Vasion Print Application (Windows client deployments prior to 20.0.1330) caused by unquoted program paths during driver installation. The Print...

9.8CVSS8AI score0.00905EPSS
CVE
CVE
added 2025/09/19 6:48 p.m.26 views

CVE-2025-34206

The CVE-2025-34206 entry concerns Vasion Print (PrinterLogic) Virtual Appliance Host and Application. It describes overly-permissive permissions on host files mounted into multiple Docker containers under /var/www/efs_storage, enabling access to secrets.env, GPG-encrypted blobs, MySQL client keys...

9.8CVSS6.5AI score0.00475EPSS
CVE
CVE
added 2025/09/29 8:43 p.m.26 views

CVE-2025-34215

CVE-2025-34215 : Vasion Print (formerly PrinterLogic) Virtual Appliance Host before 22.0.1026 and Application before 20.0.2702 expose an unauthenticated firmware-upload flow. A public page returns a signed token usable at va-api/v1/update, and every Docker image contains the appliance’s private G...

9.8CVSS7.6AI score0.0106EPSS
Web
CVE
CVE
added 2025/09/30 1:3 p.m.26 views

CVE-2025-34217

CVE-2025-34217 concerns Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments). The advisory documents an undocumented local user named printerlogic with a hardcoded SSH public key stored in ~/.ssh/authorized_keys and a sudoers rule giving the printerlog...

10CVSS6.5AI score0.00697EPSS
CVE
CVE
added 2025/09/29 8:38 p.m.26 views

CVE-2025-34223

CVE-2025-34223 affects Vasion Print Virtual Appliance Host (pre-22.0.1049) and Vasion Print Application (pre-20.0.2786). An unauthenticated attacker can reach an installation-time endpoint at /admin/query/update_database.php, submit arbitrary root_user/root_password values, and replace the defaul...

10CVSS6.9AI score0.01152EPSS
Web
CVE
CVE
added 2025/09/19 6:47 p.m.25 views

CVE-2025-34193

Vasion Print (formerly PrinterLogic) Windows client components PrinterInstallerClientInterface.exe, PrinterInstallerClient.exe, and PrinterInstallerClientLauncher.exe in Virtual Appliance Host and Application versions prior to 25.1.102 / 25.1.1413 lack modern memory-safety mitigations (DEP, ASLR,...

9.8CVSS7.6AI score0.00726EPSS
CVE
CVE
added 2025/09/19 6:39 p.m.25 views

CVE-2025-34197

CVE-2025-34197 affects Vasion Print Virtual Appliance Host < 22.0.951 and Vasion Print Application

8.6CVSS6.5AI score0.00251EPSS
CVE
CVE
added 2025/09/19 6:40 p.m.24 views

CVE-2025-34198

CVE-2025-34198 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application where versions before 22.0.951 (Host) and 20.0.2368 (Application) include shared, hardcoded SSH host private keys (RSA, ECDSA, ED25519) embedded in the appliance image. Because the same keys are use...

9.8CVSS6.4AI score0.00746EPSS
CVE
CVE
added 2025/09/19 6:45 p.m.24 views

CVE-2025-34200

Affected software: Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments). Vulnerability details: Credentials for the network account are stored in plaintext in the /etc/issue file and the file is world-readable by default. An attacker with local she...

8.6CVSS6.4AI score0.00319EPSS
CVE
CVE
added 2025/09/29 8:34 p.m.24 views

CVE-2025-34232

Vasion Print (formerly PrinterLogic) Virtual Appliance Host is affected up to version 25.1.102 and the Application up to 25.1.1413 in VA/SaaS deployments. A blind SSRF is reachable via /var/www/app/console_release/lexmark/dellCheck.php; when a printer is registered, the hostname is stored in $pri...

6.9CVSS6.8AI score0.00514EPSS
Web
CVE
CVE
added 2025/09/29 7:11 p.m.23 views

CVE-2025-34196

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 contain a hardcoded private key for the PrinterLogic CA and a hardcoded password in configuration files. The Windows client ships the CA certificate and private key (and other...

9.8CVSS6.6AI score0.00445EPSS
CVE
CVE
added 2025/09/29 8:38 p.m.23 views

CVE-2025-34207

Vasion Print (Virtual Appliance Host and Application) before versions 22.0.1049 and 20.0.2786 respectively use insecure SSH client settings in Docker: UserKnownHostsFile=/dev/null, StrictHostKeyChecking=no, and ForwardAgent yes. This disables host key verification and forwards the SSH agent, enab...

9.8CVSS6.5AI score0.00621EPSS
CVE
CVE
added 2025/09/29 8:41 p.m.23 views

CVE-2025-34222

Vasion Print (formerly PrinterLogic) Vulnerability CVE-2025-34222 affects Virtual Appliance Host before 22.0.1049 and Application before 20.0.2786 (VA/SaaS). The issue stems from four unauthenticated admin routes exposed in the printercloud/pi Docker container (routes: /admin/hp/cert_upload, /adm...

10CVSS6.6AI score0.00488EPSS
Web
CVE
CVE
added 2025/09/29 8:39 p.m.21 views

CVE-2025-34216

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1026 and Application prior to 20.0.2702 expose unauthenticated REST endpoints that return configuration files and clear-text passwords, and disclose the Laravel APP_KEY. Without the APP_KEY, crafted requests cannot be signe...

10CVSS7.7AI score0.0076EPSS
CVE
CVE
added 2025/09/29 8:43 p.m.21 views

CVE-2025-34221

Vasion Print (PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 expose internal Docker containers to the network due to firewall rules allowing unrestricted traffic on the Docker bridge. No authentication/ACL or client identifier is required, enabling unaut...

10CVSS7.5AI score0.01364EPSS
CVE
CVE
added 2025/09/29 8:41 p.m.21 views

CVE-2025-34228

Vasion Print (formerly PrinterLogic) SSRF in VA/VA SaaS before 25.1.102 (Host) and before 25.1.1413 (Application). The issue arises from unauthenticated access to /var/www/app/console_release/lexmark/update.php, which builds URLs from user-controlled values and forwards requests via curl_exec() o...

8.8CVSS6.7AI score0.00736EPSS
CVE
CVE
added 2025/10/02 4:13 p.m.19 views

CVE-2025-34208

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SAAS) uses unsalted SHA-512 and, fallback unsalted SHA-1, for password hashing via PHP hash() in multiple files (server_write_requests_users.php, update_database.php, legacy/Login.php, tests/Unit/Api/IdpControllerTest...

8.2CVSS7AI score0.00411EPSS
Web
CVE
CVE
added 2025/09/29 8:36 p.m.19 views

CVE-2025-34212

CVE-2025-34212 involves Vasion Print (Virtual Appliance Host and App) with CI/CD weaknesses in VA/SaaS deployments prior to versions 22.0.843 and 20.0.1923. The build process pulls an unverified third‑party image, downloads the VirtualBox Extension Pack over HTTP without signature validation, and...

9.8CVSS8.1AI score0.00627EPSS
CVE
CVE
added 2025/09/29 8:40 p.m.19 views

CVE-2025-34230

Vasion Print (PrinterLogic) SSRF (CVE-2025-34230): In VA/VA-SaaS, the Host before 25.1.102 and the Application before 25.1.1413 accept a printer hostname from the printer’s address, store it in $printer_vo->str_host_address, and later request http://:80/DevMgmt/DiscoveryTree.xml via curl witho...

6.9CVSS6.8AI score0.00495EPSS
Web
CVE
CVE
added 2025/09/29 8:40 p.m.19 views

CVE-2025-34231

Vulation Print (PrinterLogic) SSRF vulnerability CVE-2025-34231 affects Vasion Print Virtual Appliance Host <25.1.102 and Application

8.8CVSS6.9AI score0.00699EPSS
Web
CVE
CVE
added 2025/09/29 8:38 p.m.19 views

CVE-2025-34233

Vasion Print (formerly PrinterLogic) Virtual Appliance Host before 25.1.102 and Application before 25.1.1413 are affected by a protection mechanism failure in the file_get_contents()/CURL usage. When an administrator configures a printer hostname (or similar callback field), the value is passed u...

8.5CVSS6.5AI score0.00554EPSS
CVE
CVE
added 2025/09/29 8:44 p.m.19 views

CVE-2025-34235

Vasion Print (formerly PrinterLogic) Virtual Appliance Host (versions before 25.1.102) and Application (Windows clients before 25.1.1413) contain a registry key that enables skipping SSL/TLS certificate validation. An attacker intercepting HTTPS traffic can inject malicious driver DLLs, enabling ...

9.5CVSS7.7AI score0.00441EPSS
CVE
CVE
added 2025/10/02 4:13 p.m.17 views

CVE-2025-34210

The CVE concerns Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SAAS deployments). The connected sources confirm that sensitive credentials (database passwords, MySQL root password, SaaS keys, Portainer admin password, etc.) are stored in cleartext files that are ...

9.4CVSS6.1AI score0.00146EPSS