Embedded Web Server Path Traversal and Concurrent Execution vulnerabilities (CVE-2024-11348)

A combined Path Traversal and Concurrent Execution vulnerability exists within the embedded web server in various Lexmark devices.

Postscript integer overflow vulnerability (CVE-2024-11347)

An integer overflow vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript type confusion vulnerability (CVE-2024-11346)

A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript heap-based memory vulnerability (CVE-2024-11345)

A heap-based memory vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript type confusion vulnerability (CVE-2024-11344)

A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Reliance on Untrusted Inputs vulnerability in the Lexmark Print Management Client (CVE-2025-1126)

A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client.

A Server-Side Request Forgery (SSRF) vulnerability exists in newer Lexmark devices (CVE-2023-50733)
A Server-Side Request Forgery (SSRF) vulnerability exists in newer Lexmark devices.

Buffer Overflow Vulnerability (CVE-2023-50739)
A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices.

Firmware Downgrade Prevention Vulnerability (CVE-2023-50738)
A firmware downgrade prevention vulnerability has been identified in newer Lexmark devices.

Postscript Buffer Overflow (CVE-2023-50734)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript Heap Corruption (CVE-2023-50735)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript Memory Corruption (CVE-2023-50736)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Input Validation Vulnerability (CVE-2023-50737)
An input validation vulnerability in the SE Menu has been identified in Lexmark devices.

XML external entity vulnerability (CVE-2023-40239)
An XML external entity (XXE) vulnerability exists in older Lexmark devices.

Postscript Buffer Overflow (type confusion) (CVE-2023-26063)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript Buffer Overflow (out of bounds write) (CVE-2023-26064)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript Buffer Overflow (integer overflow) (CVE-2023-26065)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript Buffer Overflow (improper stack validation) (CVE-2023-26066)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Input validation vulnerability (CVE-2023-26067)
An input validation vulnerability which allows an attacker who has already compromised an affected Lexmark device to escalate privileges.

Embedded Web Server input sanitization vulnerability (CVE-2023-26068)
The embedded web server fails to properly sanitize input data which can lead to remote code execution.

Web API input validation vulnerability (CVE-2023-26069)
A web API input validation vulnerability in newer Lexmark devices.

SNMP input validation vulnerability (CVE-2023-26070)
An input validation vulnerability in SNMP in various Lexmark devices.

Account Lockout bypass (CVE-2023-22960)
This vulnerability allows an attacker to bypass protections on the device that protect local accounts against brute-force guessing attacks.

Server Side Request Forgery (CVE-2023-23560)
A Server-Side Request Forgery (SSRF) vulnerability exists in newer Lexmark devices.

jQuery vulnerability (CVE-2019-11358)
jQuery contains a vulnerability that can lead to a denial of service, remote code execution, or property injection.

Compromised device remains vulnerable after firmware update (CVE-2022-29850)
An attacker who has already compromised an affected Lexmark device can maintain persistence across reboots.

SpringShell (and/or Spring4Shell) vulnerabilities (CVE-2022-22965, CVE-2022-22963)
Lexmark hardware and software products are not impacted by the SpringShell vulnerability.

Initial setup menus apply insufficient permissions (CVE-2022-24935)
The initial admin account setup wizard on Lexmark devices allows unauthenticated access to the “Firmware Updates” feature.

Postscript Buffer overflow (CVE-2021-44738)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

PJL directory traversal vulnerability (CVE-2021-44737)
Various Lexmark devices have a directory traversal vulnerability that can be leveraged to overwrite internal configuration files.

Initial setup menus apply insufficient permissions (CVE-2021-44736)
The initial admin account setup wizard on Lexmark devices allows unauthenticated access to the “out of service erase” feature.

Embedded web server command injection vulnerability (CVE-2021-44735)
The embedded web server in various Lexmark devices contains a command injection vulnerability.

Embedded web server input sanitization vulnerability (CVE-2021-44734)
The embedded web server in Lexmark devices fails to properly sanitize input data which can lead to remote code execution on the device.

Apache Log4j Vulnerabilities (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105)
This document lists Lexmark products that may be impacted by the Log4j vulnerability. Any product not listed is still under review for impact.

Lexmark Security Advisory: Local Escalation of Privilege in the Lexmark Universal Print Driver (CVE-2021-35449)
The Lexmark Universal Print Driver contains a local escalation of privilege vulnerability.

Lexmark Security Advisory: Unquoted Service Path in Lexmark Printer Software G2, G3 and G4 Installation Packages (CVE-2021-35469)
The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path.

Lexmark Security Advisory: Security jumper race condition in the MX6500 (CVE-2020-35546)
The access control settings on an MX6500 may reset during a power on or reboot.

Lexmark Security Advisory: Wifi Chip Driver Vulnerability (CVE-2019-14816)
A vulnerability was found in the WiFi chip driver used in Lexmark devices.

Lexmark Security Advisory: Cross Site Request Forgery Vulnerability (CVE-2020-13481)
A stored cross site scripting vulnerability has been identified in Lexmark devices.

Lexmark Security Advisory: Cross Site Request Forgery Vulnerability (CVE-2020-10095)
Lexmark devices' embedded web server contains a cross site request forgery vulnerability that allows device configuration to be altered without authorization.

Lexmark Security Advisory: TLS Protocol Vulnerability (CVE-2019-1559)
TLS Padding Oracle vulnerability in Lexmark devices.

Lexmark Security Advisory: Stored Cross Site Scripting Vulnerabilities (CVE-2020-10093, CVE-2020-10094)
A couple of stored cross site scripting vulnerabilities have been identified on older Lexmark devices.