Xerox

All CVEs

119 total · sorted by risk
  • CVE-2024-47555 · High · Oct 7, 2024
    risk 0.54 · cvss 8.3 · epss 0.00

    Missing Authentication - User & System Configuration

  • CVE-2025-1984 · Medium · Mar 12, 2025
    risk 0.34 · cvss 5.2 · epss 0.00

    Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access.

  • CVE-2008-3571 · Aug 10, 2008
    risk 0.06 · cvss - · epss 0.36

    The Xerox Phaser 8400 allows remote attackers to cause a denial of service (reboot) via an empty UDP packet to port 1900.

  • CVE-2014-3138 · May 2, 2014
    risk 0.03 · cvss - · epss 0.03

    SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/.…

  • CVE-2009-3913 · Nov 9, 2009
    risk 0.03 · cvss - · epss 0.03

    SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter.

  • CVE-2008-5225 · Nov 25, 2008
    risk 0.03 · cvss - · epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under…

  • CVE-2026-2252 · Feb 27, 2026
    risk 0.00 · cvss - · epss 0.00

    An XML External Entity (XXE) vulnerability allows a malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider…

  • CVE-2026-2251 · Feb 27, 2026
    risk 0.00 · cvss - · epss 0.00

    Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to…

  • CVE-2026-1769 · Feb 6, 2026
    risk 0.00 · cvss - · epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xerox CentreWare on Windows allows Stored XSS. This issue affects CentreWare: through 7.0.6. Consider upgrading Xerox® CentreWare Web® to v7.2.2.25 via the software…

  • CVE-2025-8356 · Aug 8, 2025
    risk 0.00 · cvss - · epss 0.15

    In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.

  • CVE-2025-8355 · Aug 8, 2025
    risk 0.00 · cvss - · epss 0.07

    In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs; this results in a Server-Side Request Forgery (SSRF).

  • CVE-2024-55931 · Jan 27, 2025
    risk 0.00 · cvss - · epss 0.00

    Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised. The patch for this vulnerability will be included in a future release of Workplace Suite, and customers will be notified through an update to…

  • CVE-2024-55930 · Jan 23, 2025
    risk 0.00 · cvss - · epss 0.00

    Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files.

  • CVE-2024-55929 · Jan 23, 2025
    risk 0.00 · cvss - · epss 0.00

    A mail spoofing vulnerability in Xerox Workplace Suite allows attackers to forge email headers, making it appear as though messages are sent from trusted sources.

  • CVE-2024-55928 · Jan 23, 2025
    risk 0.00 · cvss - · epss 0.00

    Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption.

  • CVE-2024-55927 · Jan 23, 2025
    risk 0.00 · cvss - · epss 0.00

    A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading to unauthorized access to sensitive functions.

  • CVE-2024-55926 · Jan 23, 2025
    risk 0.00 · cvss - · epss 0.00

    A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data.

  • CVE-2024-55925 · Jan 23, 2025
    risk 0.00 · cvss - · epss 0.00

    In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This…

  • CVE-2024-47559 · Oct 7, 2024
    risk 0.00 · cvss - · epss 0.00

    Authenticated RCE via Path Traversal

  • CVE-2024-47558 · Oct 7, 2024
    risk 0.00 · cvss - · epss 0.00

    Authenticated RCE via Path Traversal

  • CVE-2024-47557 · Oct 7, 2024
    risk 0.00 · cvss - · epss 0.01

    Pre-Auth RCE via Path Traversal

  • CVE-2024-47556 · Oct 7, 2024
    risk 0.00 · cvss - · epss 0.01

    Pre-Auth RCE via Path Traversal

  • CVE-2022-45897 · Jan 30, 2023
    risk 0.00 · cvss - · epss 0.00

    On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings.

  • CVE-2022-26572 · Apr 4, 2022
    risk 0.00 · cvss - · epss 0.01

    Xerox ColorQube 8580 was discovered to contain an access control issue which allows attackers to print, view the status, and obtain sensitive information.

  • CVE-2021-37354 · Feb 15, 2022
    risk 0.00 · cvss - · epss 0.01

    Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer overflow in the function sub_3226AC via the TIMEZONE variable. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.

  • CVE-2022-23968 · Jan 26, 2022
    risk 0.00 · cvss - · epss 0.02

    Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing…

  • CVE-2019-10881 · Apr 13, 2021
    risk 0.00 · cvss - · epss 0.01

    Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled.

  • CVE-2021-28671 · Mar 29, 2021
    risk 0.00 · cvss - · epss 0.03

    Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before…

  • CVE-2021-28672 · Mar 29, 2021
    risk 0.00 · cvss - · epss 0.02

    Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before…

  • CVE-2021-28668 · Mar 29, 2021
    risk 0.00 · cvss - · epss 0.01

    Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 have several SQL injection vulnerabilities.

  • CVE-2021-28669 · Mar 29, 2021
    risk 0.00 · cvss - · epss 0.01

    Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights.

  • CVE-2021-28673 · Mar 29, 2021
    risk 0.00 · cvss - · epss 0.02

    Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01 (Bridge), B600/B610 before 32.61.23 and 32.59.01 (Bridge), B605/B615 before…

  • CVE-2021-28670 · Mar 29, 2021
    risk 0.00 · cvss - · epss 0.01

    Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk.

  • CVE-2019-18630 · Mar 4, 2021
    risk 0.00 · cvss - · epss 0.01

    On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic…

  • CVE-2019-18629 · Mar 4, 2021
    risk 0.00 · cvss - · epss 0.01

    Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during an exploited clone install. This requires creating a clone file and signing…

  • CVE-2019-18628 · Mar 4, 2021
    risk 0.00 · cvss - · epss 0.01

    Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential…

  • CVE-2020-36201 · Jan 21, 2021
    risk 0.00 · cvss - · epss 0.01

    An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices.

  • CVE-2020-26162 · Oct 9, 2020
    risk 0.00 · cvss - · epss 0.01

    Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073.020.059.25300 devices allow XSS via Description pages.

  • CVE-2016-11061 · Apr 29, 2020
    risk 0.00 · cvss - · epss 0.02

    Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute…

  • CVE-2019-13165 · Mar 13, 2020
    risk 0.00 · cvss - · epss 0.03

    Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the…

  • CVE-2019-13166 · Mar 13, 2020
    risk 0.00 · cvss - · epss 0.01

    Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks.

  • CVE-2019-13167 · Mar 13, 2020
    risk 0.00 · cvss - · epss 0.01

    Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of…

  • CVE-2019-13168 · Mar 13, 2020
    risk 0.00 · cvss - · epss 0.03

    Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on…

  • CVE-2019-13169 · Mar 13, 2020
    risk 0.00 · cvss - · epss 0.03

    Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device.

  • CVE-2019-13170 · Mar 13, 2020
    risk 0.00 · cvss - · epss 0.00

    Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device.

  • CVE-2019-13171 · Mar 13, 2020
    risk 0.00 · cvss - · epss 0.03

    Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by…

  • CVE-2019-13172 · Mar 13, 2020
    risk 0.00 · cvss - · epss 0.03

    Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Authentication Cookie of the web application that would allow an attacker to execute arbitrary code on the device.

  • CVE-2020-9330 · Feb 21, 2020
    risk 0.00 · cvss - · epss 0.01

    Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who gains access to affected devices (e.g., by using default credentials) can change the…

  • CVE-2013-6362 · Feb 13, 2020
    risk 0.00 · cvss - · epss 0.01

    Xerox ColorQube and WorkCentre devices in 2013 had hardcoded FTP and shell user accounts.

  • CVE-2019-19832 · Dec 18, 2019
    risk 0.00 · cvss - · epss 0.01

    Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.)

Page 1 of 3