HP Linux Imaging and Printing Project vulnerabilities

11 known vulnerabilities affecting hp/linux_imaging_and_printing_project.

Total CVEs: 11
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 4, LOW 4

Vulnerabilities

CVE-2012-6108 | LOW | CVSS 2.1 | ≤ 3.13.1, v1.0, +25 more | 2014-02-15
CVE-2012-6108 [LOW] CWE-264: HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writable permissions for /var/log/hp and /var/log/hp/tmp, which allows local users to delete log files via standard filesystem operations.
nvd
CVE-2013-6402 | LOW | CVSS 2.1 | ≤ 3.13.11, v3.9.2, +32 more | 2014-01-05
CVE-2013-6402 [LOW] CWE-59: base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.
nvd
CVE-2013-6427 | MEDIUM | CVSS 6.8 | v3.9.2, v3.9.4, +31 more | 2013-12-09
CVE-2013-6427 [MEDIUM] CWE-94: upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.
nvd
CVE-2013-4325 | MEDIUM | CVSS 6.9 | v1.0, v2.0, +32 more | 2013-09-23
CVE-2013-4325 [MEDIUM] CWE-264: The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.
nvd
CVE-2013-0200 | LOW | CVSS 1.9 | ≤ 3.12.4, v1.0, +19 more | 2013-03-06
CVE-2013-0200 [LOW]: HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722.
nvd
CVE-2011-2722 | LOW | CVSS 1.2 | ≤ 3.11.5, v3.9.2, +14 more | 2012-05-25
CVE-2011-2722 [LOW] CWE-59: The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file.
nvd
CVE-2011-2697 | MEDIUM | CVSS 6.8 | v3.11.5 | 2011-07-29
CVE-2011-2697 [MEDIUM] CWE-20: foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.
nvd
CVE-2010-4267 | HIGH | CVSS 7.5 | v1.6.7, v3.9.8, +1 more | 2011-01-20
CVE-2010-4267 [HIGH] CWE-119: Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value.
nvd
CVE-2008-2940 | HIGH | CVSS 7.2 | v1.6.7 | 2008-08-14
CVE-2008-2940 [HIGH] CWE-264: The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.
nvd
CVE-2008-2941 | MEDIUM | CVSS 4.9 | v1.6.7 | 2008-08-14
CVE-2008-2941 [MEDIUM] CWE-20: The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending "msg=0" to TCP port 2207.
nvd
CVE-2007-5208 | HIGH | CVSS 7.6 | PoC | ≤ 2.7.10, v1.0 | 2007-10-13
CVE-2007-5208 [HIGH] CWE-20: hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail.
nvd
Hp Linux Imaging And Printing Project vulnerabilities | cvebase