Vendor CVEs
Lexmark
All CVEs
58 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-13771 | | Critical | 0.64 | 9.8 | 0.03 | | Sep 7, 2017 | Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2)… |
| CVE-2016-4336 | | Critical | 0.64 | 9.8 | 0.04 | | Jan 6, 2017 | An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted Bzip2 document can lead to a stack-based buffer overflow causing an out-of-bounds write which under the right circumstance could… |
| CVE-2016-1896 | | Critical | 0.64 | 9.8 | 0.03 | | Jan 27, 2016 | Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper… |
| CVE-2025-29757 | | Critical | 0.61 | — | 0.00 | | Jul 19, 2025 | An incorrect authorisation check in the 'plant transfer' function of the Growatt cloud service allowed a malicious attacker with a valid account to transfer any plant into his/her account. |
| CVE-2024-7205 | | Critical | 0.61 | — | 0.01 | | Jul 31, 2024 | When the device is shared, the homepage module are before 2.19.0 in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information. |
| CVE-2025-65078 | | Critical | 0.60 | — | 0.01 | | Feb 3, 2026 | An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code. |
| CVE-2025-1126 | | Critical | 0.60 | 9.3 | 0.00 | | Feb 11, 2025 | A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client. |
| CVE-2020-35546 | | Critical | 0.59 | 9.1 | 0.00 | | Feb 19, 2025 | Lexmark MX6500 LW75.JD.P296 and previous devices have Incorrect Access Control via the access control settings. |
| CVE-2023-50736 | | Critical | 0.59 | 9.0 | 0.01 | | Feb 28, 2024 | A memory corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. |
| CVE-2023-50735 | | Critical | 0.59 | 9.0 | 0.01 | | Feb 28, 2024 | A heap corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. |
| CVE-2025-65077 | | High | 0.57 | — | 0.01 | | Feb 3, 2026 | A relative path traversal vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user. |
| CVE-2017-2821 | | High | 0.57 | 8.8 | 0.02 | | Sep 5, 2017 | An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution. |
| CVE-2025-4046 | | High | 0.55 | 8.5 | 0.00 | | Aug 19, 2025 | A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization. |
| CVE-2016-4335 | | High | 0.55 | 8.4 | 0.04 | | Jan 6, 2017 | An exploitable buffer overflow exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a stack based buffer overflow resulting in remote code execution. |
| CVE-2025-4044 | | High | 0.53 | 8.2 | 0.00 | | Aug 19, 2025 | Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows attacker to disclose sensitive information to an arbitrary URL. |
| CVE-2020-10095 | | High | 0.53 | 8.1 | 0.00 | | Feb 19, 2025 | Various Lexmark devices have CSRF that allows an attacker to modify the configuration of the device. |
| CVE-2016-5646 | | High | 0.51 | 7.8 | 0.02 | | Jan 6, 2017 | An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause a code execution. An attacker can send a malformed file to trigger this… |
| CVE-2017-2822 | | High | 0.49 | 7.5 | 0.02 | | Sep 5, 2017 | An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to… |
| CVE-2024-11346 | | High | 0.47 | 7.3 | 0.00 | | Feb 13, 2025 | Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Resource Injection. This issue affects CX, XC, CS, et. Al.: from 001.001:0 through 081.231, from *.*.P001 through… |
| CVE-2024-11345 | | High | 0.47 | 7.3 | 0.00 | | Feb 13, 2025 | A heap-based memory vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. |
| CVE-2024-11344 | | High | 0.47 | 7.3 | 0.00 | | Feb 13, 2025 | A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. |
| CVE-2025-65080 | | Medium | 0.45 | — | 0.00 | | Feb 3, 2026 | A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user. |
| CVE-2025-65079 | | Medium | 0.45 | — | 0.00 | | Feb 3, 2026 | A heap-based buffer overflow vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user. |
| CVE-2025-9269 | | Medium | 0.45 | — | 0.00 | | Sep 9, 2025 | A Server-Side Request Forgery (SSRF) vulnerability has been identified in the embedded web server in various Lexmark devices. This vulnerability can be leveraged by an attacker to force the device to send an arbitrary HTTP request to a third-party server. Successful… |
| CVE-2016-3145 | | Medium | 0.30 | 4.6 | 0.00 | | Apr 22, 2016 | Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read… |
| CVE-2023-50738 | | Medium | 0.28 | 4.3 | 0.00 | | Jan 17, 2025 | A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified. |
| CVE-2017-2806 | | Medium | 0.28 | 4.3 | 0.01 | | Apr 20, 2017 | An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to an arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and… |
| CVE-2014-8741 | | | 0.09 | — | 0.77 | | Jan 27, 2020 | Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors. |
| CVE-2019-16758 | | | 0.05 | — | 0.17 | | Nov 21, 2019 | In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating system. |
| CVE-2021-35449 | | | 0.04 | — | 0.01 | | Jul 19, 2021 | The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low privileged user can use the driver to execute a DLL of… |
| CVE-2010-0619 | | | 0.03 | — | 0.05 | | Mar 24, 2010 | Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser printers and multi-function printers allows remote attackers to execute arbitrary code or cause a denial of service (device hang)… |
| CVE-2004-0740 | | | 0.03 | — | 0.03 | | Jul 27, 2004 | The HTTP server in Lexmark T522 and possibly other models allows remote attackers to cause a denial of service (server crash, reload, or hang) via an HTTP header with a long Host field, possibly triggering a buffer overflow. |
| CVE-2021-44734 | | | 0.01 | — | 0.06 | | Jan 20, 2022 | Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can lead to remote code execution on the device. |
| CVE-2021-44735 | | | 0.01 | — | 0.08 | | Jan 20, 2022 | Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07. |
| CVE-2014-8742 | | | 0.01 | — | 0.04 | | Jan 27, 2020 | Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2023-40239 | | | 0.00 | — | 0.00 | | Sep 1, 2023 | Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or… |
| CVE-2023-26316 | | | 0.00 | — | 0.00 | | Aug 2, 2023 | An XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies. |
| CVE-2021-35469 | | | 0.00 | — | 0.00 | | Jul 14, 2021 | The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path. |
| CVE-2020-10093 | | | 0.00 | — | 0.01 | | Apr 28, 2020 | A cross-site scripting (XSS) vulnerability in Lexmark Pro910 series inkjet and other discontinued products. |
| CVE-2020-10094 | | | 0.00 | — | 0.01 | | Apr 28, 2020 | A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74.VYL.P273; CS41x before LW74.VY2.P273; CS51x before LW74.VY4.P273; CX310 before LW74.GM2.P273; CX410 & XC2130 before LW74.GM4.P273; CX510 & XC2132 before LW74.GM7.P273; MS310, MS312, MS317 before… |
| CVE-2018-18894 | | | 0.00 | — | 0.02 | | Mar 10, 2020 | Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server. |
| CVE-2011-3269 | | | 0.00 | — | 0.01 | | Mar 9, 2020 | Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut. |
| CVE-2011-4538 | | | 0.00 | — | 0.01 | | Mar 9, 2020 | Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings. |
| CVE-2016-1487 | | | 0.00 | — | 0.03 | | Mar 9, 2020 | Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization. |
| CVE-2016-6918 | | | 0.00 | — | 0.02 | | Mar 9, 2020 | Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. ( |
| CVE-2019-18791 | | | 0.00 | — | 0.01 | | Feb 13, 2020 | Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the user's web browser. |
| CVE-2018-17944 | | | 0.00 | — | 0.01 | | Mar 12, 2019 | On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because… |
| CVE-2019-6489 | | | 0.00 | — | 0.01 | | Feb 11, 2019 | Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allow remote attackers to erase stored shortcuts. |
| CVE-2014-9375 | | | 0.00 | — | 0.03 | | Feb 16, 2015 | Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive. |
| CVE-2013-6033 | | | 0.00 | — | 0.02 | | Feb 4, 2014 | Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250… |
Page 1 of 2