VYPR
Vendor

Lexmark

Products
96
CVEs
58
Across products
89
Status
Private

Products

96
View all 96 products →

Recent CVEs

58
View all 58 CVEs →
  • CVE-2017-13771CriSep 7, 2017
    risk 0.64cvss 9.8epss 0.03

    Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2)…

  • CVE-2016-4336CriJan 6, 2017
    risk 0.64cvss 9.8epss 0.04

    An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted Bzip2 document can lead to a stack-based buffer overflow causing an out-of-bounds write which under the right circumstance could…

  • CVE-2016-1896CriJan 27, 2016
    risk 0.64cvss 9.8epss 0.03

    Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper…

  • CVE-2025-29757CriJul 19, 2025
    risk 0.61cvss epss 0.00

    An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account.

  • CVE-2024-7205CriJul 31, 2024
    risk 0.61cvss epss 0.01

    When the device is shared, the homepage module are before 2.19.0  in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information.

  • CVE-2025-65078CriFeb 3, 2026
    risk 0.60cvss epss 0.01

    An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code.

  • CVE-2025-1126CriFeb 11, 2025
    risk 0.60cvss 9.3epss 0.00

    A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client.

  • CVE-2020-35546CriFeb 19, 2025
    risk 0.59cvss 9.1epss 0.00

    Lexmark MX6500 LW75.JD.P296 and previous devices have Incorrect Access Control via the access control settings.

  • CVE-2023-50736CriFeb 28, 2024
    risk 0.59cvss 9.0epss 0.01

    A memory corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.

  • CVE-2023-50735CriFeb 28, 2024
    risk 0.59cvss 9.0epss 0.01

    A heap corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.

  • CVE-2025-65077HigFeb 3, 2026
    risk 0.57cvss epss 0.01

    A relative path traversal vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.

  • CVE-2017-2821HigSep 5, 2017
    risk 0.57cvss 8.8epss 0.02

    An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution.

  • CVE-2025-4046HigAug 19, 2025
    risk 0.55cvss 8.5epss 0.00

    A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization

  • CVE-2016-4335HigJan 6, 2017
    risk 0.55cvss 8.4epss 0.04

    An exploitable buffer overflow exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a stack based buffer overflow resulting in remote code execution.

  • CVE-2025-4044HigAug 19, 2025
    risk 0.53cvss 8.2epss 0.00

    Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows attacker to disclose sensitive information to an arbitrary URL.

  • CVE-2020-10095HigFeb 19, 2025
    risk 0.53cvss 8.1epss 0.00

    Various Lexmark devices have CSRF that allows an attacker to modify the configuration of the device.

  • CVE-2016-5646HigJan 6, 2017
    risk 0.51cvss 7.8epss 0.02

    An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause a code execution. An attacker can send a malformed file to trigger this…

  • CVE-2017-2822HigSep 5, 2017
    risk 0.49cvss 7.5epss 0.02

    An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to…

  • CVE-2024-11346HigFeb 13, 2025
    risk 0.47cvss 7.3epss 0.00

    : Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Resource Injection.This issue affects CX, XC, CS, et. Al.: from 001.001:0 through 081.231, from *.*.P001 through…

  • CVE-2024-11345HigFeb 13, 2025
    risk 0.47cvss 7.3epss 0.00

    A heap-based memory vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.