Vendor
Xerox
Xerox Corporation is an American corporation that sells printers, digital document products and services in more than 160 countries. Xerox was the pioneer of the photocopier market, beginning with the introduction of the Xerox 914 in 1959, so much so that the word xerox is commonly used as a synonym for photocopy. Xerox is headquartered in Norwalk, Connecticut, though it is incorporated in New York with its largest group of employees based around Rochester, New York, where the company was founded. As a large developed company, it is consistently placed in the list of Fortune 500 companies.
Founded 1906
Products
75
CVEs
63
Across products
494
Status
Private
Products
75- 99 CVEs
- 24 CVEs
- 24 CVEs
- 24 CVEs
- 24 CVEs
- 24 CVEs
- 24 CVEs
- 12 CVEs
- 9 CVEs
- 9 CVEs
- 9 CVEs
- 9 CVEs
- 9 CVEs
- 9 CVEs
- 9 CVEs
- 9 CVEs
- 8 CVEs
- 7 CVEs
- 6 CVEs
- 6 CVEs
- 6 CVEs
- 6 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- + 45 more — see CVE list below for full coverage.
Recent CVEs
63| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-3571 | 0.04 | — | 0.13 | Aug 10, 2008 | The Xerox Phaser 8400 allows remote attackers to cause a denial of service (reboot) via an empty UDP packet to port 1900. | ||
| CVE-2014-3138 | 0.03 | — | 0.03 | May 2, 2014 | SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/. NOTE: some of these details are obtained from third party information. | ||
| CVE-2009-3913 | 0.03 | — | 0.00 | Nov 9, 2009 | SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter. | ||
| CVE-2008-5225 | 0.03 | — | 0.04 | Nov 25, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories. | ||
| CVE-2009-1656 | 0.01 | — | 0.08 | May 16, 2009 | Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, 5687, 7655, 7656, and 7675 allows remote attackers to execute arbitrary commands via unknown attack vectors, aka "command injection vulnerability." | ||
| CVE-2013-0415 | 0.00 | — | 0.00 | Jan 17, 2013 | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package. | ||
| CVE-2013-0407 | 0.00 | — | 0.00 | Jan 17, 2013 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework. | ||
| CVE-2012-0569 | 0.00 | — | 0.00 | Jan 17, 2013 | Unspecified vulnerability Oracle Sun Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Install/smpatch. | ||
| CVE-2012-0773 | 0.00 | — | 0.03 | Mar 28, 2012 | The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||
| CVE-2010-0549 | 0.00 | — | 0.00 | Feb 4, 2010 | Unspecified vulnerability in the Network Controller in Xerox WorkCentre 6400 System Software 060.070.109.11407 through 060.070.109.29510, and Net Controller 060.079.11410 through 060.079.29310, allows remote attackers to access "directory structure" via a crafted PostScript file, aka "Unauthorized Directory Structure Access Vulnerability." | ||
| CVE-2010-0548 | 0.00 | — | 0.00 | Feb 4, 2010 | Multiple unspecified vulnerabilities in the Network Controller and Web Server in Xerox WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, and 5687 allow remote attackers to (1) access mailboxes via unknown vectors that bypass Scan to Mailbox authorization or (2) read device configuration information via via unknown vectors that bypass web server authorization. | ||
| CVE-2008-6436 | 0.00 | — | 0.01 | Mar 6, 2009 | Cross-site scripting (XSS) vulnerability in the Web Server in Xerox WorkCentre 7132, 7228, 7235, and 7245 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2008-3122 | 0.00 | — | 0.00 | Jul 10, 2008 | Multiple SQL injection vulnerabilities in Xerox CentreWare Web (CWW) before 4.6.46 allow remote authenticated users to execute arbitrary SQL commands via the unspecified vectors. | ||
| CVE-2008-3121 | 0.00 | — | 0.00 | Jul 10, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Xerox CentreWare Web (CWW) before 4.6.46 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2008-2825 | 0.00 | — | 0.00 | Jun 23, 2008 | Cross-site scripting (XSS) vulnerability in the embedded Web Server in Xerox WorkCentre M123, M128, and 133 and WorkCentre Pro 123, 128, and 133 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2008-2824 | 0.00 | — | 0.02 | Jun 23, 2008 | Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors. | ||
| CVE-2008-2743 | 0.00 | — | 0.00 | Jun 17, 2008 | Cross-site scripting (XSS) vulnerability in the embedded web server in Xerox 4110, 4590, and 4595 Copier/Printers allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||
| CVE-2006-6473 | 0.00 | — | 0.00 | Dec 11, 2006 | Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 have unknown impact and attack vectors, related to (1) an Immediate Image Overwrite (IIO) error message at the Local User Interface (LUI) if overwrite fails, (2) an IIO failure when a Held Job is deleted, and (3) an On Demand Image Overwrite failure when the overwrite is greater than 2 Gb. | ||
| CVE-2006-6470 | 0.00 | — | 0.00 | Dec 11, 2006 | The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 returns no error for a non-writable object, which has unknown impact and attack vectors. NOTE: due to the vagueness of the advisory, it is not clear whether this is a vulnerability, or a bug in a security feature. | ||
| CVE-2006-6471 | 0.00 | — | 0.00 | Dec 11, 2006 | Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 use weak permissions for certain files, which allows unspecified file access. |