90 matches found
FreeBSD : FreeBSD -- Insufficient oce(4) ioctl(2) privilege checking (3c10ccdf-6a09-11ea-92ab-00163e433440)
The driver-specific ioctl(2) command handlers in oce(4) failed to check whether the caller has sufficient privileges to perform the corresponding operation. Impact: The oce(4) handler permits unprivileged users to send passthrough commands to device firmware. (C) Tenable Network Security, Inc. The...
Canon Oce Colorwave 500 Cross-Site Scripting Vulnerability (CNVD-2020-18989)
The Canon Oce Colorwave 500 is a printer from Canon Japan. A cross-site scripting vulnerability exists in the /TemplateManager/indexExternalLocation.jsp file of the web application in Canon Oce Colorwave 500 version 4.0.0.0. The vulnerability stems from the web application lacking proper validati...
CVE-2020-10669
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the late...
Authentication flaw
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the late...
CVE-2020-10669
The Canon Oce Colorwave 500 printer web interface (version 4.0.0.0) is affected by CVE-2020-10669 due to an authentication bypass on /home.jsp. An unauthenticated attacker who can reach the device’s web UI can obtain copies of documents uploaded by users. The issue is confirmed in multiple source...
CVE-2020-10668
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version...
CVE-2020-10667
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). NOTE: this is fixed in the latest version...
CVE-2020-10670
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the latest version...
CVE-2020-10671
The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a logged-in administrative user. NOTE: this is fixed in the latest version...
Cross site request forgery (csrf)
The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a logged-in administrative user. NOTE: this is fixed in the latest version...
Cross site scripting
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). NOTE: this is fixed in the latest version...
Cross site scripting
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the latest version...
CVE-2020-10671
The CVE-2020-10671 entry concerns the Canon Oce Colorwave 500 printer (version 4.0.0.0). The web management interface is missing CSRF protections, so an attacker can perform administrative actions by targeting a logged-in administrator. The issue is described as system-wide and is noted...
CVE-2020-10670
The Canon Oce Colorwave 500 web application (version 4.0.0.0) is affected by CVE-2020-10670: a Reflected XSS in the settingId parameter of the settingDialogContent.jsp page. Root cause: lack of proper input validation/escaping on user-supplied data reflected in the response. Impact: potential cl...
CVE-2020-10668
The Canon Océ Colorwave 500 printer web app (version 4.0.0.0) is vulnerable to Reflected XSS in /home.jsp via the openSI parameter. Per CVE-2020-10668, the root cause is that input from the user-controlled parameter is not properly sanitized. The issue is fixed in the latest version. If upgrading is possib...
CVE-2020-10667
Canon Oce Colorwave 500 printer web application (version 4.0.0.0) is affected by a Stored XSS in /TemplateManager/indexExternalLocation.jsp via the map(template_name) parameter. The root cause is insufficient input validation in the web interface, allowing injection of arbitrary client-side scrip...