CVE-2023-50738

A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified...

CVE-2023-50733

A Server-Side Request Forgery SSRF vulnerability has been identified in the Web Services feature of newer Lexmark devices...

CVE-2025-1126

A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client...

Lexmark Printers Race Condition (CVE-2020-35546)

A race condition exists while processing the state of the two security jumpers in an MX6500e. This can cause occasional misreads of the security jumper state during boot, causing the device to incorrectly believe the security jumper state has changed. The result is that security access controls m...

Lexmark Printers Stored Cross-site Scripting (CVE-2020-13481)

A stored cross site scripting vulnerability has been identified in the embedded web server used in Lexmark devices. The vulnerability can be used to attack the user’s browser, exposing session credentials and other information accessible to the browser. %NASLMINLEVEL 80900 C Tenable, Inc...

Lexmark Printers Denial of Service (CVE-2019-11358)

jQuery before 3.4.0 mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype. This can lead to a denial of service, remote code execution, or property injection...

Lexmark Printers Stack-based Buffer Overflow (CVE-2023-50734)

A buffer overflow vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503885; scriptversion"1.4";...

Lexmark Printers Improper Input Validation (CVE-2023-26069)

An input validation vulnerability has been identified in the web API in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503901; scriptversion"1.3";...

Lexmark Printers Disclosure of Information (CVE-2019-1559)

A vulnerability in the TLS protocol in Lexmark devices has been identified that can be exploited by a “Man In The Middle” attacker to decrypt data in the TLS stream. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503882; scriptversion"1.3";...

Lexmark Printers Improper Input Validation (CVE-2023-26067)

A trusted internal component of Lexmark devices has an input validation vulnerability. This vulnerability can be leveraged by an attacker who has already compromised the device to escalate privileges. NOTE: This vulnerability cannot be used to compromise a device, it can only be used on a device...

Lexmark Printers Access of Resource Using Incompatible Type (CVE-2024-11346)

A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503884;...

Lexmark Printers Improper Input Validation (CVE-2023-26070)

An input validation vulnerability has been identified in the SNMP feature in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503895; scriptversion"1.3";...

Lexmark Printers Integer Overflow or Wraparound (CVE-2023-26065)

An integer overflow vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503905; scriptversion"1.3";...

Lexmark Printers Integer Overflow or Wraparound (CVE-2024-11347)

An integer overflow vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

Lexmark Printers Improper Limitation of a Pathname to a Restricted Directory (CVE-2025-1127)

A combination Path Traversal and Concurrent Execution vulnerability exists within the embedded web server in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503894...

Lexmark Printers Incorrect Calculation of Buffer Size (CVE-2023-50736)

A memory corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503887; scriptversion"1.5";...

Lexmark Printers Improper Input Validation (CVE-2023-50737)

The SE menu contains information used by Lexmark to diagnose device errors. A vulnerability in one of the SE menu routines can be leveraged by an attacker to execute arbitrary code. Lexmark documentation recommends that access to the SE menu be restricted to trusted personnel. %NASLMINLEVEL 80900...

Lexmark Printers Return of Pointer Value Outside of Expected Range (CVE-2024-11345)

A heap-based memory vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

Lexmark Printers Heap-based Buffer Overflow (CVE-2023-50739)

A buffer overflow vulnerability has been identified in the Internet Printing Protocol IPP in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503889;...

Lexmark Printers Server-Side Request Forgery (CVE-2025-9269)

A Server-Side Request Forgery SSRF vulnerability has been identified in the embedded web server in various Lexmark devices. This vulnerability can be leveraged by an attacker to force the device to send an arbitrary HTTP request to a third-party server. CVSSv4 Base Score 6.9...