Lexmark
Products (96)
Recent CVEs (58)
| CVE | Sev | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|---|
| CVE-2017-13771 | Cri | 0.64 | 9.8 | 0.03 | Sep 7, 2017 | Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2)… |
| CVE-2016-4336 | Cri | 0.64 | 9.8 | 0.04 | Jan 6, 2017 | An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted Bzip2 document can lead to a stack-based buffer overflow causing an out-of-bounds write which under the right circumstance could… |
| CVE-2016-1896 | Cri | 0.64 | 9.8 | 0.03 | Jan 27, 2016 | Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper… |
| CVE-2025-29757 | Cri | 0.61 | — | 0.00 | Jul 19, 2025 | An incorrect authorisation check in the 'plant transfer' function of the Growatt cloud service allowed a malicious attacker with a valid account to transfer any plant into his/her account. |
| CVE-2024-7205 | Cri | 0.61 | — | 0.01 | Jul 31, 2024 | When the device is shared, the homepage module are before 2.19.0 in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information. |
| CVE-2025-65078 | Cri | 0.60 | — | 0.01 | Feb 3, 2026 | An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code. |
| CVE-2025-1126 | Cri | 0.60 | 9.3 | 0.00 | Feb 11, 2025 | A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client. |
| CVE-2020-35546 | Cri | 0.59 | 9.1 | 0.00 | Feb 19, 2025 | Lexmark MX6500 LW75.JD.P296 and previous devices have Incorrect Access Control via the access control settings. |
| CVE-2023-50736 | Cri | 0.59 | 9.0 | 0.01 | Feb 28, 2024 | A memory corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. |
| CVE-2023-50735 | Cri | 0.59 | 9.0 | 0.01 | Feb 28, 2024 | A heap corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. |
| CVE-2025-65077 | Hig | 0.57 | — | 0.01 | Feb 3, 2026 | A relative path traversal vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user. |
| CVE-2017-2821 | Hig | 0.57 | 8.8 | 0.02 | Sep 5, 2017 | An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution. |
| CVE-2025-4046 | Hig | 0.55 | 8.5 | 0.00 | Aug 19, 2025 | A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization |
| CVE-2016-4335 | Hig | 0.55 | 8.4 | 0.04 | Jan 6, 2017 | An exploitable buffer overflow exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a stack based buffer overflow resulting in remote code execution. |
| CVE-2025-4044 | Hig | 0.53 | 8.2 | 0.00 | Aug 19, 2025 | Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows attacker to disclose sensitive information to an arbitrary URL. |
| CVE-2020-10095 | Hig | 0.53 | 8.1 | 0.00 | Feb 19, 2025 | Various Lexmark devices have CSRF that allows an attacker to modify the configuration of the device. |
| CVE-2016-5646 | Hig | 0.51 | 7.8 | 0.02 | Jan 6, 2017 | An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause a code execution. An attacker can send a malformed file to trigger this… |
| CVE-2017-2822 | Hig | 0.49 | 7.5 | 0.02 | Sep 5, 2017 | An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to… |
| CVE-2024-11346 | Hig | 0.47 | 7.3 | 0.00 | Feb 13, 2025 | Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Resource Injection. This issue affects CX, XC, CS, et. Al.: from 001.001:0 through 081.231, from *.*.P001 through… |
| CVE-2024-11345 | Hig | 0.47 | 7.3 | 0.00 | Feb 13, 2025 | A heap-based memory vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. |