Canon

All CVEs

92 total · sorted by risk
  • CVE-2024-2184 · Cri · Mar 11, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF740C…

  • CVE-2018-12049 · Cri · Jun 8, 2018
    risk 0.64 · cvss 9.8 · epss 0.05

    A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps…

  • CVE-2018-12048 · Cri · Jun 8, 2018
    risk 0.64 · cvss 9.8 · epss 0.05

    A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the…

  • CVE-2018-11711 · Cri · Jun 4, 2018
    risk 0.64 · cvss 9.8 · epss 0.05

    A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a…

  • CVE-2018-11692 · Cri · Jun 4, 2018
    risk 0.64 · cvss 9.8 · epss 0.05

    An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=DevStatus. NOTE: the vendor reportedly responded that this issue occurs when a…

  • CVE-2025-1268 · Cri · Mar 31, 2025
    risk 0.61 · cvss 9.4 · epss 0.01

    Out-of-bounds vulnerability in EMF Recode processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / Generic FAX Printer Driver / UFRII LT Printer…

  • CVE-2025-11843 · Hig · Oct 31, 2025
    risk 0.57 · cvss · epss 0.00

    Therefore Corporation GmbH has recently become aware that Therefore™ Online and Therefore™ On-Premises contain an account impersonation vulnerability. A malicious user may potentially be able to impersonate the web service account or the account of a service using the API…

  • CVE-2025-3079 · Hig · May 20, 2025
    risk 0.57 · cvss 8.7 · epss 0.01

    A passback vulnerability which relates to office/small office multifunction printers and laser printers.

  • CVE-2026-32679 · Hig · Apr 23, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerForAdmin.exe) and the installers of Canon Network Camera Plugin (CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe) insecurely load Dynamic Link Libraries (DLLs). If a…

  • CVE-2025-47422 · Hig · Jul 8, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Advanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vulnerability. When running as SYSTEM in certain configurations, Advanced Installer looks in standard-user writable locations for non-existent binaries and executes them as SYSTEM.…

  • CVE-2026-9261 · Med · Jun 16, 2026
    risk 0.44 · cvss 6.8 · epss 0.00

    Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier

  • CVE-2026-1585 · Med · Feb 27, 2026
    risk 0.44 · cvss 6.7 · epss 0.00

    An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.1.2 through 1.5.0 may allow a local attacker to execute a malicious file with the privileges of the affected service.

  • CVE-2018-12111 · Med · Jun 11, 2018
    risk 0.43 · cvss 6.1 · epss 0.02

    Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI web interface allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /wt3/mydocs.php URI.

  • CVE-2026-9262 · Med · Jun 16, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier

  • CVE-2026-9259 · Med · Jun 16, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier

  • CVE-2026-9258 · Med · Jun 16, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier

  • CVE-2026-9260 · Med · Jun 16, 2026
    risk 0.40 · cvss 6.2 · epss 0.00

    Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier

  • CVE-2025-9903 · Med · Sep 29, 2025
    risk 0.38 · cvss 5.9 · epss 0.00

    Out-of-bounds write vulnerabilities in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / UFRII LT Printer Driver / CARPS2 Printer…

  • CVE-2025-7698 · Med · Sep 29, 2025
    risk 0.38 · cvss 5.9 · epss 0.00

    Out-of-bounds read vulnerabilities in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / UFRII LT Printer Driver / CARPS2 Printer…

  • CVE-2025-9904 · Med · Sep 29, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    Unallocated memory access vulnerability in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / UFRII LT Printer Driver / CARPS2…

  • CVE-2025-0236 · Med · Feb 26, 2025
    risk 0.34 · cvss 5.3 · epss 0.01

    Out-of-bounds vulnerability in slope processing during curve rendering in Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.

  • CVE-2025-0235 · Med · Feb 26, 2025
    risk 0.34 · cvss 5.3 · epss 0.01

    Out-of-bounds vulnerability due to improper memory release during image rendering in Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.

  • CVE-2025-0234 · Med · Feb 26, 2025
    risk 0.34 · cvss 5.3 · epss 0.01

    Out-of-bounds vulnerability in curve segmentation processing of Generic PCL6 V4 Printer Driver / Generic UFR II V4 Printer Driver / Generic LIPSLX V4 Printer Driver.

  • CVE-2026-6892 · Med · May 29, 2026
    risk 0.33 · cvss 5.0 · epss 0.00

    Improper handling of symbolic links in the installer of CUPS Printer Driver for macOS(*) may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of directories for which they would not normally have…

  • CVE-2026-6891 · Med · May 29, 2026
    risk 0.33 · cvss 5.0 · epss 0.00

    Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not…

  • CVE-2025-5995 · Med · Jun 26, 2025
    risk 0.30 · cvss · epss 0.00

    Canon EOS Webcam Utility Pro for MAC OS version 2.3d (2.3.29) and earlier contains an improper directory permissions vulnerability. Exploitation of this vulnerability requires administrator access by a malicious user. An attacker could modify the directory, potentially resulting…

  • CVE-2006-1185 · Apr 11, 2006
    risk 0.09 · cvss · epss 0.70

    Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.

  • CVE-2006-1188 · Apr 11, 2006
    risk 0.08 · cvss · epss 0.57

    Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.

  • CVE-2006-1192 · Apr 11, 2006
    risk 0.06 · cvss · epss 0.31

    Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address…

  • CVE-2006-7065 · Mar 2, 2007
    risk 0.05 · cvss · epss 0.20

    Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.

  • CVE-2013-4615 · Jun 21, 2013
    risk 0.04 · cvss · epss 0.16

    The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct request to…

  • CVE-2006-3354 · Jul 6, 2006
    risk 0.04 · cvss · epss 0.17

    Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.

  • CVE-2021-38085 · Aug 11, 2021
    risk 0.03 · cvss · epss 0.01

    The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer process, a local attacker can overwrite CNMurGE.dll and, if timed properly, the overwritten DLL will be loaded into a SYSTEM process resulting in escalation of…

  • CVE-2019-14339 · Sep 5, 2019
    risk 0.03 · cvss · epss 0.05

    The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's malicious application to obtain sensitive information including factory passwords…

  • CVE-2013-4614 · Jun 21, 2013
    risk 0.03 · cvss · epss 0.03

    English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive information by reading the screen of…

  • CVE-2021-38154 · Aug 29, 2021
    risk 0.01 · cvss · epss 0.04

    Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail…

  • CVE-2006-2900 · Jun 7, 2006
    risk 0.01 · cvss · epss 0.13

    Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those…

  • CVE-2005-4827 · Dec 31, 2005
    risk 0.01 · cvss · epss 0.11

    Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return…

  • CVE-2025-14236 · Jan 15, 2026
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in Address Book attribute tag processing on Small Office Multifunction Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series…

  • CVE-2025-14234 · Jan 15, 2026
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in CPCA list processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series…

  • CVE-2025-14233 · Jan 15, 2026
    risk 0.00 · cvss · epss 0.01

    Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C…

  • CVE-2025-14232 · Jan 15, 2026
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in XML processing of XPS file in Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C…

  • CVE-2025-14231 · Jan 15, 2026
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in print job processing by WSD on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C…

  • CVE-2025-2146 · May 25, 2025
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera…

  • CVE-2024-12647 · Jan 28, 2025
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in CPCA font download processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw…

  • CVE-2024-0244 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF750C Series firmware v03.07 and…

  • CVE-2023-6234 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera…

  • CVE-2023-6233 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in SLP attribute request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C…

  • CVE-2023-6232 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary…

  • CVE-2023-6231 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series…

Page 1 of 2