Embedded Web Server Path Traversal and Concurrent Execution vulnerabilities (CVE-2024-11348)

A combined Path Traversal and Concurrent Execution vulnerability exists within the embedded web server in various Lexmark devices.

Postscript integer overflow vulnerability (CVE-2024-11347)

An integer overflow vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript type confusion vulnerability (CVE-2024-11346)

A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript heap-based memory vulnerability (CVE-2024-11345)

A heap-based memory vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript type confusion vulnerability (CVE-2024-11344)

A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Reliance on Untrusted Inputs vulnerability in the Lexmark Print Management Client (CVE-2025-1126)

A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client.

A Server-Side Request Forgery (SSRF) vulnerability exists in newer Lexmark devices (CVE-2023-50733)
A Server-Side Request Forgery (SSRF) vulnerability exists in newer Lexmark devices.

Buffer Overflow Vulnerability (CVE-2023-50739)
A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices.

Firmware Downgrade Prevention Vulnerability (CVE-2023-50738)
A firmware downgrade prevention vulnerability has been identified in newer Lexmark devices.

Postscript Buffer Overflow (CVE-2023-50734)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript Heap Corruption (CVE-2023-50735)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript Memory Corruption (CVE-2023-50736)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Input Validation Vulnerability (CVE-2023-50737)
An input validation vulnerability in the SE Menu has been identified in Lexmark devices.

XML external entity vulnerability (CVE-2023-40239)
An XML external entity (XXE) vulnerability exists in older Lexmark devices.

Postscript Buffer Overflow (type confusion) (CVE-2023-26063)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript Buffer Overflow (out of bounds write) (CVE-2023-26064)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript Buffer Overflow (integer overflow) (CVE-2023-26065)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Postscript Buffer Overflow (improper stack validation) (CVE-2023-26066)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

Input validation vulnerability (CVE-2023-26067)
An input validation vulnerability allows an attacker who has already compromised an affected Lexmark device to escalate privileges.

Embedded Web Server input sanitization vulnerability (CVE-2023-26068)
The embedded web server fails to properly sanitize input data, which can lead to remote code execution.

Web API input validation vulnerability (CVE-2023-26069)
A web API input validation vulnerability in newer Lexmark devices.

SNMP input validation vulnerability (CVE-2023-26070)
An input validation vulnerability in SNMP in various Lexmark devices.

Account Lockout bypass (CVE-2023-22960)
This vulnerability allows an attacker to bypass protections on the device that protect local accounts against brute-force guessing attacks.

Server Side Request Forgery (CVE-2023-23560)
A Server-Side Request Forgery (SSRF) vulnerability exists in newer Lexmark devices.

jQuery vulnerability (CVE-2019-11358)
jQuery contains a vulnerability that can lead to a denial of service, remote code execution, or property injection.

Compromised device remains vulnerable after firmware update (CVE-2022-29850)
An attacker who has already compromised an affected Lexmark device can maintain persistence across reboots.

SpringShell (and/or Spring4Shell) vulnerabilities (CVE-2022-22965, CVE-2022-22963)
Lexmark hardware and software products are not impacted by the SpringShell vulnerability.

Initial setup menus apply insufficient permissions (CVE-2022-24935)
The initial admin account setup wizard on Lexmark devices allows unauthenticated access to the “Firmware Updates” feature.

Postscript Buffer overflow (CVE-2021-44738)
A vulnerability has been identified in the Postscript interpreter in various Lexmark devices.

PJL directory traversal vulnerability (CVE-2021-44737)
Various Lexmark devices have a directory traversal vulnerability that can be leveraged to overwrite internal configuration files.

Initial setup menus apply insufficient permissions (CVE-2021-44736)
The initial admin account setup wizard on Lexmark devices allows unauthenticated access to the “out of service erase” feature.

Embedded web server command injection vulnerability (CVE-2021-44735)
The embedded web server in various Lexmark devices contains a command injection vulnerability.

Embedded web server input sanitization vulnerability (CVE-2021-44734)
The embedded web server in Lexmark devices fails to properly sanitize input data, which can lead to remote code execution on the device.

Apache Log4j Vulnerabilities (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105)
This document lists Lexmark products that may be impacted by the Log4j vulnerability. Any product not listed is still under review for impact.

Lexmark Security Advisory: Local Escalation of Privilege in the Lexmark Universal Print Driver (CVE-2021-35449)
The Lexmark Universal Print Driver contains a local escalation of privilege vulnerability.

Lexmark Security Advisory: Unquoted Service Path in Lexmark Printer Software G2, G3 and G4 Installation Packages (CVE-2021-35469)
The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path.

Lexmark Security Advisory: Security jumper race condition in the MX6500 (CVE-2020-35546)
The access control settings on a MX6500 may reset during a power on or reboot.

Lexmark Security Advisory: Wifi Chip Driver Vulnerability (CVE-2019-14816)
A vulnerability was found in the WiFi chip driver used in Lexmark devices.

Lexmark Security Advisory: Cross Site Request Forgery Vulnerability (CVE-2020-13481)
A stored cross site scripting vulnerability has been identified in Lexmark devices.

Lexmark Security Advisory: Cross Site Request Forgery Vulnerability (CVE-2020-10095)
The embedded web server in Lexmark devices contains a cross site request forgery vulnerability that allows device configuration to be altered without authorization.

Lexmark Security Advisory: TLS Protocol Vulnerability (CVE-2019-1559)
TLS Padding Oracle vulnerability in Lexmark devices.

Lexmark Security Advisory: Stored Cross Site Scripting Vulnerabilities (CVE-2020-10093, CVE-2020-10094)
A couple of stored cross site scripting vulnerabilities have been identified on older Lexmark devices.