CVE-2020-6923
published 2024-12-19
CVE-2020-6923: The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow.
Priority P421 · medium · 5.7 · CVSS 3.1
AV:A / AC:L / PR:N / UI:R / S:U / C:N / I:N / A:H
EPSS
0.30%
21.5th percentile
The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | hplip | < hplip 3.20.9+dfsg0-3 (bookworm) | hplip 3.20.9+dfsg0-3 (bookworm) |
CVSS provenance
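| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.7 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| osv | | 5.7 | MEDIUM | |
| vendor_debian | | 5.7 | MEDIUM | |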
OSV
CVE-2020-6923: The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow
osv·2024-12-19·CVSS 5.7
CVE-2020-6923 [MEDIUM] CVE-2020-6923: The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow
The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow.
GHSA
GHSA-v356-2ghm-7mwq: The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow
ghsa_unreviewed·2024-12-19
CVE-2020-6923 [MEDIUM] CWE-120 GHSA-v356-2ghm-7mwq: The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow
The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow.
Ubuntu
HPLIP vulnerability
vendor_ubuntu·2025-01-13
CVE-2020-6923 HPLIP vulnerability
Title: HPLIP vulnerability
Summary: HPLIP could be made to crash or run programs if it received specially
crafted network traffic.
Kevin Backhouse discovered that HPLIP incorrectly handled certain MDNS
responses. A remote attacker could use this issue to cause HPLIP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2020-6923: hplip - The HP Linux Imaging and Printing (HPLIP) software may potentially be affected b...
vendor_debian·2020·CVSS 5.7
CVE-2020-6923 [MEDIUM] CVE-2020-6923: hplip - The HP Linux Imaging and Printing (HPLIP) software may potentially be affected b...
The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow.
Scope: local
bookworm: resolved (fixed in 3.20.9+dfsg0-3)
bullseye: resolved (fixed in 3.20.9+dfsg0-3)
sid: resolved (fixed in 3.20.9+dfsg0-3)
trixie: resolved (fixed in 3.20.9+dfsg0-3)
Suricata (the rules listed from here on cite CVE-2006-6923, a bitweaver SQL injection, not CVE-2020-6923)
ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6923 [HIGH] ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk UPDATE
ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk UPDATE"; flow:established,to_server; http.uri; content:"/newsletters/edition.php?"; nocase; content:"tk="; nocase; content:"UPDATE"; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2006-6923; reference:url,www.securityfocus.com/bid/20996; classtype:web-application-attack; sid:2005771; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190,
Suricata
ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6923 [HIGH] ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk UNION SELECT
ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk UNION SELECT"; flow:established,to_server; http.uri; content:"/newsletters/edition.php?"; nocase; content:"tk="; nocase; content:"UNION"; nocase; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2006-6923; reference:url,www.securityfocus.com/bid/20996; classtype:web-application-attack; sid:2005767; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techni
Suricata
ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6923 [HIGH] ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk INSERT
ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk INSERT"; flow:established,to_server; http.uri; content:"/newsletters/edition.php?"; nocase; content:"tk="; nocase; content:"INSERT"; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2006-6923; reference:url,www.securityfocus.com/bid/20996; classtype:web-application-attack; sid:2005768; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190,
Suricata
ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6923 [HIGH] ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk DELETE
ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk DELETE"; flow:established,to_server; http.uri; content:"/newsletters/edition.php?"; nocase; content:"tk="; nocase; content:"DELETE"; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2006-6923; reference:url,www.securityfocus.com/bid/20996; classtype:web-application-attack; sid:2005769; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190,
Suricata
ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6923 [HIGH] ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk ASCII
ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk ASCII"; flow:established,to_server; http.uri; content:"/newsletters/edition.php?"; nocase; content:"tk="; nocase; content:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2006-6923; reference:url,www.securityfocus.com/bid/20996; classtype:web-application-attack; sid:2005770; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190
Suricata
ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6923 [HIGH] ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk SELECT
ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk SELECT"; flow:established,to_server; http.uri; content:"/newsletters/edition.php?"; nocase; content:"tk="; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2006-6923; reference:url,www.securityfocus.com/bid/20996; classtype:web-application-attack; sid:2005766; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190,
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-12-19