Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Printerlogic Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-42641 1 Printerlogic 1 Web Stack 2022-02-08 5.0 MEDIUM 7.5 HIGH
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users.
CVE-2021-42642 1 Printerlogic 1 Web Stack 2022-02-08 5.0 MEDIUM 7.5 HIGH
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the plaintext console username and password for a printer.
CVE-2021-42631 3 Apple, Linux, Printerlogic 4 Macos, Linux Kernel, Virtual Appliance and 1 more 2022-02-02 9.3 HIGH 8.1 HIGH
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading to pre-auth remote code execution.
CVE-2021-42638 3 Apple, Linux, Printerlogic 3 Macos, Linux Kernel, Web Stack 2022-02-02 9.3 HIGH 8.1 HIGH
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution.
CVE-2021-42635 3 Apple, Linux, Printerlogic 3 Macos, Linux Kernel, Web Stack 2022-02-02 9.3 HIGH 8.1 HIGH
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution.
CVE-2018-5408 1 Printerlogic 1 Print Management 2019-05-10 5.8 MEDIUM 7.4 HIGH
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not validate, or incorrectly validates, the PrinterLogic management portal's SSL certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.