Vendor CVEs
Xerox
All CVEs
119 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-47555 | | High | 0.54 | 8.3 | 0.00 | | Oct 7, 2024 | Missing Authentication - User & System Configuration |
| CVE-2025-1984 | | Medium | 0.34 | 5.2 | 0.00 | | Mar 12, 2025 | Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access. |
| CVE-2008-3571 | | | 0.06 | — | 0.36 | | Aug 10, 2008 | The Xerox Phaser 8400 allows remote attackers to cause a denial of service (reboot) via an empty UDP packet to port 1900. |
| CVE-2014-3138 | | | 0.03 | — | 0.03 | | May 2, 2014 | SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/.… |
| CVE-2009-3913 | | | 0.03 | — | 0.03 | | Nov 9, 2009 | SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter. |
| CVE-2008-5225 | | | 0.03 | — | 0.04 | | Nov 25, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under… |
| CVE-2026-2252 | | | 0.00 | — | 0.00 | | Feb 27, 2026 | An XML External Entity (XXE) vulnerability allows a malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider… |
| CVE-2026-2251 | | | 0.00 | — | 0.00 | | Feb 27, 2026 | Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to… |
| CVE-2026-1769 | | | 0.00 | — | 0.00 | | Feb 6, 2026 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xerox CentreWare on Windows allows Stored XSS. This issue affects CentreWare: through 7.0.6. Consider upgrading Xerox® CentreWare Web® to v7.2.2.25 via the software… |
| CVE-2025-8356 | | | 0.00 | — | 0.15 | | Aug 8, 2025 | In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system. |
| CVE-2025-8355 | | | 0.00 | — | 0.07 | | Aug 8, 2025 | In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs; this results in a Server-Side Request Forgery (SSRF). |
| CVE-2024-55931 | | | 0.00 | — | 0.00 | | Jan 27, 2025 | Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised. The patch for this vulnerability will be included in a future release of Workplace Suite, and customers will be notified through an update to… |
| CVE-2024-55930 | | | 0.00 | — | 0.00 | | Jan 23, 2025 | Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files |
| CVE-2024-55929 | | | 0.00 | — | 0.00 | | Jan 23, 2025 | A mail spoofing vulnerability in Xerox Workplace Suite allows attackers to forge email headers, making it appear as though messages are sent from trusted sources. |
| CVE-2024-55928 | | | 0.00 | — | 0.00 | | Jan 23, 2025 | Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption |
| CVE-2024-55927 | | | 0.00 | — | 0.00 | | Jan 23, 2025 | A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading to unauthorized access to sensitive functions. |
| CVE-2024-55926 | | | 0.00 | — | 0.00 | | Jan 23, 2025 | A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data |
| CVE-2024-55925 | | | 0.00 | — | 0.00 | | Jan 23, 2025 | In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This… |
| CVE-2024-47559 | | | 0.00 | — | 0.00 | | Oct 7, 2024 | Authenticated RCE via Path Traversal |
| CVE-2024-47558 | | | 0.00 | — | 0.00 | | Oct 7, 2024 | Authenticated RCE via Path Traversal |
| CVE-2024-47557 | | | 0.00 | — | 0.01 | | Oct 7, 2024 | Pre-Auth RCE via Path Traversal |
| CVE-2024-47556 | | | 0.00 | — | 0.01 | | Oct 7, 2024 | Pre-Auth RCE via Path Traversal |
| CVE-2022-45897 | | | 0.00 | — | 0.00 | | Jan 30, 2023 | On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings. |
| CVE-2022-26572 | | | 0.00 | — | 0.01 | | Apr 4, 2022 | Xerox ColorQube 8580 was discovered to contain an access control issue which allows attackers to print, view the status, and obtain sensitive information. |
| CVE-2021-37354 | | | 0.00 | — | 0.01 | | Feb 15, 2022 | Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer overflow in the function sub_3226AC via the TIMEZONE variable. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. |
| CVE-2022-23968 | | | 0.00 | — | 0.02 | | Jan 26, 2022 | Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing… |
| CVE-2019-10881 | | | 0.00 | — | 0.01 | | Apr 13, 2021 | Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled. |
| CVE-2021-28671 | | | 0.00 | — | 0.03 | | Mar 29, 2021 | Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before… |
| CVE-2021-28672 | | | 0.00 | — | 0.02 | | Mar 29, 2021 | Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before… |
| CVE-2021-28668 | | | 0.00 | — | 0.01 | | Mar 29, 2021 | Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities. |
| CVE-2021-28669 | | | 0.00 | — | 0.01 | | Mar 29, 2021 | Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights. |
| CVE-2021-28673 | | | 0.00 | — | 0.02 | | Mar 29, 2021 | Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01 (Bridge), B600/B610 before 32.61.23 and 32.59.01 (Bridge), B605/B615 before… |
| CVE-2021-28670 | | | 0.00 | — | 0.01 | | Mar 29, 2021 | Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk. |
| CVE-2019-18630 | | | 0.00 | — | 0.01 | | Mar 4, 2021 | On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic… |
| CVE-2019-18629 | | | 0.00 | — | 0.01 | | Mar 4, 2021 | Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during an exploited clone install. This requires creating a clone file and signing… |
| CVE-2019-18628 | | | 0.00 | — | 0.01 | | Mar 4, 2021 | Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential… |
| CVE-2020-36201 | | | 0.00 | — | 0.01 | | Jan 21, 2021 | An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices. |
| CVE-2020-26162 | | | 0.00 | — | 0.01 | | Oct 9, 2020 | Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073.020.059.25300 devices allow XSS via Description pages. |
| CVE-2016-11061 | | | 0.00 | — | 0.02 | | Apr 29, 2020 | Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute… |
| CVE-2019-13165 | | | 0.00 | — | 0.03 | | Mar 13, 2020 | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the… |
| CVE-2019-13166 | | | 0.00 | — | 0.01 | | Mar 13, 2020 | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks. |
| CVE-2019-13167 | | | 0.00 | — | 0.01 | | Mar 13, 2020 | Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of… |
| CVE-2019-13168 | | | 0.00 | — | 0.03 | | Mar 13, 2020 | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on… |
| CVE-2019-13169 | | | 0.00 | — | 0.03 | | Mar 13, 2020 | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device. |
| CVE-2019-13170 | | | 0.00 | — | 0.00 | | Mar 13, 2020 | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device. |
| CVE-2019-13171 | | | 0.00 | — | 0.03 | | Mar 13, 2020 | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by… |
| CVE-2019-13172 | | | 0.00 | — | 0.03 | | Mar 13, 2020 | Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Authentication Cookie of the web application that would allow an attacker to execute arbitrary code on the device. |
| CVE-2020-9330 | | | 0.00 | — | 0.01 | | Feb 21, 2020 | Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who gains access to affected devices (e.g., by using default credentials) can change the… |
| CVE-2013-6362 | | | 0.00 | — | 0.01 | | Feb 13, 2020 | Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts. |
| CVE-2019-19832 | | | 0.00 | — | 0.01 | | Dec 18, 2019 | Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.) |

Page 1 of 3