Lexmark

All CVEs

58 total · sorted by risk
  • CVE-2017-13771 · Critical · Sep 7, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2)…

  • CVE-2016-4336 · Critical · Jan 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted Bzip2 document can lead to a stack-based buffer overflow causing an out-of-bounds write which under the right circumstance could…

  • CVE-2016-1896 · Critical · Jan 27, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper…

  • CVE-2025-29757 · Critical · Jul 19, 2025
    risk 0.61 · cvss · epss 0.00

    An incorrect authorisation check in the 'plant transfer' function of the Growatt cloud service allowed a malicious attacker with a valid account to transfer any plant into his/her account.

  • CVE-2024-7205 · Critical · Jul 31, 2024
    risk 0.61 · cvss · epss 0.01

    When the device is shared, the homepage module before 2.19.0 in eWeLink Cloud Service allows a secondary user to take over devices as primary user via sharing unnecessary device-sensitive information.

  • CVE-2025-65078 · Critical · Feb 3, 2026
    risk 0.60 · cvss · epss 0.01

    An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code.

  • CVE-2025-1126 · Critical · Feb 11, 2025
    risk 0.60 · cvss 9.3 · epss 0.00

    A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client.

  • CVE-2020-35546 · Critical · Feb 19, 2025
    risk 0.59 · cvss 9.1 · epss 0.00

    Lexmark MX6500 LW75.JD.P296 and previous devices have Incorrect Access Control via the access control settings.

  • CVE-2023-50736 · Critical · Feb 28, 2024
    risk 0.59 · cvss 9.0 · epss 0.01

    A memory corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.

  • CVE-2023-50735 · Critical · Feb 28, 2024
    risk 0.59 · cvss 9.0 · epss 0.01

    A heap corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.

  • CVE-2025-65077 · High · Feb 3, 2026
    risk 0.57 · cvss · epss 0.01

    A relative path traversal vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.

  • CVE-2017-2821 · High · Sep 5, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution.

  • CVE-2025-4046 · High · Aug 19, 2025
    risk 0.55 · cvss 8.5 · epss 0.00

    A missing authorization vulnerability in Lexmark Cloud Services badge management allows an attacker to reassign badges within their organization.

  • CVE-2016-4335 · High · Jan 6, 2017
    risk 0.55 · cvss 8.4 · epss 0.04

    An exploitable buffer overflow exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a stack-based buffer overflow resulting in remote code execution.

  • CVE-2025-4044 · High · Aug 19, 2025
    risk 0.53 · cvss 8.2 · epss 0.00

    Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows an attacker to disclose sensitive information to an arbitrary URL.

  • CVE-2020-10095 · High · Feb 19, 2025
    risk 0.53 · cvss 8.1 · epss 0.00

    Various Lexmark devices have CSRF that allows an attacker to modify the configuration of the device.

  • CVE-2016-5646 · High · Jan 6, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause a code execution. An attacker can send a malformed file to trigger this…

  • CVE-2017-2822 · High · Sep 5, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to…

  • CVE-2024-11346 · High · Feb 13, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Lexmark International CX, XC, CS, et al. (Postscript interpreter modules) allows Resource Injection. This issue affects CX, XC, CS, et al.: from 001.001:0 through 081.231, from *.*.P001 through…

  • CVE-2024-11345 · High · Feb 13, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    A heap-based memory vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.

  • CVE-2024-11344 · High · Feb 13, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.

  • CVE-2025-65080 · Medium · Feb 3, 2026
    risk 0.45 · cvss · epss 0.00

    A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.

  • CVE-2025-65079 · Medium · Feb 3, 2026
    risk 0.45 · cvss · epss 0.00

    A heap-based buffer overflow vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.

  • CVE-2025-9269 · Medium · Sep 9, 2025
    risk 0.45 · cvss · epss 0.00

    A Server-Side Request Forgery (SSRF) vulnerability has been identified in the embedded web server in various Lexmark devices. This vulnerability can be leveraged by an attacker to force the device to send an arbitrary HTTP request to a third-party server. Successful…

  • CVE-2016-3145 · Medium · Apr 22, 2016
    risk 0.30 · cvss 4.6 · epss 0.00

    Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read…

  • CVE-2023-50738 · Medium · Jan 17, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified.

  • CVE-2017-2806 · Medium · Apr 20, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to an arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and…

  • CVE-2014-8741 · Jan 27, 2020
    risk 0.09 · cvss · epss 0.77

    Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.

  • CVE-2019-16758 · Nov 21, 2019
    risk 0.05 · cvss · epss 0.17

    In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating system.

  • CVE-2021-35449 · Jul 19, 2021
    risk 0.04 · cvss · epss 0.01

    The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low privileged user can use the driver to execute a DLL of…

  • CVE-2010-0619 · Mar 24, 2010
    risk 0.03 · cvss · epss 0.05

    Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser printers and multi-function printers allows remote attackers to execute arbitrary code or cause a denial of service (device hang)…

  • CVE-2004-0740 · Jul 27, 2004
    risk 0.03 · cvss · epss 0.03

    The HTTP server in Lexmark T522 and possibly other models allows remote attackers to cause a denial of service (server crash, reload, or hang) via an HTTP header with a long Host field, possibly triggering a buffer overflow.

  • CVE-2021-44734 · Jan 20, 2022
    risk 0.01 · cvss · epss 0.06

    Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can lead to remote code execution on the device.

  • CVE-2021-44735 · Jan 20, 2022
    risk 0.01 · cvss · epss 0.08

    Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07.

  • CVE-2014-8742 · Jan 27, 2020
    risk 0.01 · cvss · epss 0.04

    Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2023-40239 · Sep 1, 2023
    risk 0.00 · cvss · epss 0.00

    Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or…

  • CVE-2023-26316 · Aug 2, 2023
    risk 0.00 · cvss · epss 0.00

    An XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies.

  • CVE-2021-35469 · Jul 14, 2021
    risk 0.00 · cvss · epss 0.00

    The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path.

  • CVE-2020-10093 · Apr 28, 2020
    risk 0.00 · cvss · epss 0.01

    A cross-site scripting (XSS) vulnerability in Lexmark Pro910 series inkjet and other discontinued products.

  • CVE-2020-10094 · Apr 28, 2020
    risk 0.00 · cvss · epss 0.01

    A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74.VYL.P273; CS41x before LW74.VY2.P273; CS51x before LW74.VY4.P273; CX310 before LW74.GM2.P273; CX410 & XC2130 before LW74.GM4.P273; CX510 & XC2132 before LW74.GM7.P273; MS310, MS312, MS317 before…

  • CVE-2018-18894 · Mar 10, 2020
    risk 0.00 · cvss · epss 0.02

    Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.

  • CVE-2011-3269 · Mar 9, 2020
    risk 0.00 · cvss · epss 0.01

    Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut.

  • CVE-2011-4538 · Mar 9, 2020
    risk 0.00 · cvss · epss 0.01

    Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings.

  • CVE-2016-1487 · Mar 9, 2020
    risk 0.00 · cvss · epss 0.03

    Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization.

  • CVE-2016-6918 · Mar 9, 2020
    risk 0.00 · cvss · epss 0.02

    Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files.

  • CVE-2019-18791 · Feb 13, 2020
    risk 0.00 · cvss · epss 0.01

    Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the user's web browser.

  • CVE-2018-17944 · Mar 12, 2019
    risk 0.00 · cvss · epss 0.01

    On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because…

  • CVE-2019-6489 · Feb 11, 2019
    risk 0.00 · cvss · epss 0.01

    Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allow remote attackers to erase stored shortcuts.

  • CVE-2014-9375 · Feb 16, 2015
    risk 0.00 · cvss · epss 0.03

    Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive.

  • CVE-2013-6033 · Feb 4, 2014
    risk 0.00 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250…

Page 1 of 2