VYPR

Vendor CVEs

Xerox

All CVEs

119 total · sorted by risk
  • CVE-2019-17184Oct 4, 2019
    risk 0.00cvss epss 0.02

    Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C8070 printers with software before 101.00x.089.22600 allow an attacker to gain privileges.

  • CVE-2019-16307Sep 14, 2019
    risk 0.00cvss epss 0.01

    A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter…

  • CVE-2018-15530May 13, 2019
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) in the web interface of the Xerox ColorQube 8580 allows remote persistent injection of custom HTML / JavaScript code.

  • CVE-2019-10880Apr 12, 2019
    risk 0.00cvss epss 0.08

    Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary.

  • CVE-2018-20767Feb 10, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is authenticated remote command execution.

  • CVE-2018-20771Feb 10, 2019
    risk 0.00cvss epss 0.03

    An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution.

  • CVE-2018-20770Feb 10, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection.

  • CVE-2018-20769Feb 10, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is a Local File Inclusion vulnerability.

  • CVE-2018-20768Feb 10, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file.

  • CVE-2018-17172Jan 3, 2019
    risk 0.00cvss epss 0.02

    The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection.

  • CVE-2013-0415Jan 17, 2013
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package.

  • CVE-2013-0407Jan 17, 2013
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework.

  • CVE-2012-0569Jan 17, 2013
    risk 0.00cvss epss 0.00

    Unspecified vulnerability Oracle Sun Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Install/smpatch.

  • CVE-2012-0773Mar 28, 2012
    risk 0.00cvss epss 0.05

    The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070…

  • CVE-2010-0549Feb 4, 2010
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the Network Controller in Xerox WorkCentre 6400 System Software 060.070.109.11407 through 060.070.109.29510, and Net Controller 060.079.11410 through 060.079.29310, allows remote attackers to access "directory structure" via a crafted PostScript…

  • CVE-2010-0548Feb 4, 2010
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in the Network Controller and Web Server in Xerox WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, and 5687 allow remote attackers to (1) access mailboxes via unknown vectors that bypass Scan to Mailbox authorization or (2) read device…

  • CVE-2009-1656May 16, 2009
    risk 0.00cvss epss 0.04

    Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, 5687, 7655, 7656, and 7675 allows remote attackers to execute arbitrary commands via unknown attack vectors, aka "command injection vulnerability."

  • CVE-2008-6436Mar 6, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Web Server in Xerox WorkCentre 7132, 7228, 7235, and 7245 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-3121Jul 10, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Xerox CentreWare Web (CWW) before 4.6.46 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-3122Jul 10, 2008
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in Xerox CentreWare Web (CWW) before 4.6.46 allow remote authenticated users to execute arbitrary SQL commands via the unspecified vectors.

  • CVE-2008-2825Jun 23, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the embedded Web Server in Xerox WorkCentre M123, M128, and 133 and WorkCentre Pro 123, 128, and 133 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-2824Jun 23, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors.

  • CVE-2008-2743Jun 17, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the embedded web server in Xerox 4110, 4590, and 4595 Copier/Printers allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

  • CVE-2006-6472Dec 11, 2006
    risk 0.00cvss epss 0.01

    The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 configures port 443 to be always active, which has unknown impact and remote attack vectors.

  • CVE-2006-6469Dec 11, 2006
    risk 0.00cvss epss 0.00

    Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not block the postgres port (5432/tcp), which has unknown impact and remote attack vectors, probably related to unauthorized connections to a PostgreSQL daemon.

  • CVE-2006-6468Dec 11, 2006
    risk 0.00cvss epss 0.00

    Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not check the Fully Qualified Domain Name (FQDN) during a "Validate Repository SSL Certificate" scan, which has unknown impact and attack vectors, possibly…

  • CVE-2006-6471Dec 11, 2006
    risk 0.00cvss epss 0.01

    Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 use weak permissions for certain files, which allows unspecified file access.

  • CVE-2006-6470Dec 11, 2006
    risk 0.00cvss epss 0.01

    The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 returns no error for a non-writable object, which has unknown impact and attack vectors. NOTE: due to the vagueness of the advisory, it is not…

  • CVE-2006-6473Dec 11, 2006
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 have unknown impact and attack vectors, related to (1) an Immediate Image Overwrite (IIO) error message at the Local User…

  • CVE-2006-6467Dec 11, 2006
    risk 0.00cvss epss 0.01

    Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not properly restrict access to SMB file resources, which allows remote attackers to gain unspecified file or directory access via vectors related to (1)…

  • CVE-2006-6433Dec 10, 2006
    risk 0.00cvss epss 0.01

    Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 does not record accurate timestamps, which makes it easier for remote attackers to avoid detection when an audit tries to rely on these timestamps.

  • CVE-2006-6436Dec 10, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Network controller in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to inject arbitrary web script or HTML via HTTP TRACE messages.

  • CVE-2006-6427Dec 10, 2006
    risk 0.00cvss epss 0.03

    The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname,…

  • CVE-2006-6437Dec 10, 2006
    risk 0.00cvss epss 0.01

    ops3-dmn in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows attackers to cause a denial of service (application crash and core dump) via a certain PS file.

  • CVE-2006-6438Dec 10, 2006
    risk 0.00cvss epss 0.00

    Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leaves sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file.

  • CVE-2006-6439Dec 10, 2006
    risk 0.00cvss epss 0.01

    Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to download the audit log and obtain potentially sensitive information via unspecified vectors.

  • CVE-2006-6430Dec 10, 2006
    risk 0.00cvss epss 0.01

    Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 do not require HTTPS, which allows remote attackers to obtain sensitive information by sniffing the unencrypted HTTP traffic.

  • CVE-2006-6440Dec 10, 2006
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allow remote attackers to have an unspecified impact via unspecified vectors relating to "HTTP Security issues."

  • CVE-2006-6435Dec 10, 2006
    risk 0.00cvss epss 0.01

    The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 does not generate authentication failure traps, which allows remote attackers to more easily gain system access and obtain sensitive…

  • CVE-2006-6434Dec 10, 2006
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to bypass authentication controls via unknown vectors.

  • CVE-2006-6431Dec 10, 2006
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify signatures of e-mail messages via unspecified vectors.

  • CVE-2006-6429Dec 10, 2006
    risk 0.00cvss epss 0.01

    Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify certain configuration settings via unspecified vectors involving the "TFTP/BOOTP auto configuration option."

  • CVE-2006-6432Dec 10, 2006
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the Scan-to-mailbox feature in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to download certain files via unspecified vectors.

  • CVE-2006-6441Dec 10, 2006
    risk 0.00cvss epss 0.00

    Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows local users to bypass security controls and boot Alchemy via certain alternate boot media, as demonstrated by a USB thumb drive.

  • CVE-2006-6428Dec 10, 2006
    risk 0.00cvss epss 0.01

    Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allow remote attackers to gain access via unspecified vectors related to "browser permissions."

  • CVE-2006-5290Oct 13, 2006
    risk 0.00cvss epss 0.03

    The ESS/ Network Controller and MicroServer Web Server components of Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265 and 275 allow remote attackers to bypass authentication and execute arbitrary code via "WebUI command injection on TCP/IP hostname."

  • CVE-2006-1137Mar 10, 2006
    risk 0.00cvss epss 0.04

    Multiple unspecified vulnerabilities in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allow remote attackers to cause an unspecified denial of service via a crafted PostScript file that will (1)…

  • CVE-2006-1139Mar 10, 2006
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the ESS/ Network Controller in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, causes the Immediate Image Overwrite feature to fail after a power loss, which could leave data…

  • CVE-2006-1136Mar 10, 2006
    risk 0.00cvss epss 0.03

    Buffer overflow in the PostScript file interpreter code for Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows attackers to cause a denial of service via unknown vectors.

  • CVE-2006-1138Mar 10, 2006
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the web server code in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows remote attackers to cause a denial of service (memory corruption) via unknown vectors.