Lexmark Security Vulnerabilities
A heap corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary...
9CVSS
9.4AI Score
0.001EPSS
A memory corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary...
9CVSS
9.3AI Score
0.001EPSS
A buffer overflow vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary...
9CVSS
9.4AI Score
0.001EPSS
The SE menu contains information used by Lexmark to diagnose device errors. A vulnerability in one of the SE menu routines can be leveraged by an attacker to execute arbitrary...
9.1CVSS
9.2AI Score
0.001EPSS
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of...
9.8CVSS
9.4AI Score
0.209EPSS
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of...
8.1CVSS
7.9AI Score
0.17EPSS
Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80..P246, i.e., '' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to...
7.5CVSS
7.3AI Score
0.001EPSS
Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the...
9.8CVSS
9.8AI Score
0.015EPSS
Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across...
8.1CVSS
8AI Score
0.002EPSS
7.5CVSS
7.5AI Score
0.001EPSS
9.8CVSS
9.5AI Score
0.002EPSS
9.8CVSS
9.5AI Score
0.004EPSS
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of...
9.8CVSS
9.5AI Score
0.002EPSS
Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible...
9.8CVSS
9.4AI Score
0.003EPSS
9.8CVSS
9.5AI Score
0.003EPSS
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of...
9.8CVSS
9.5AI Score
0.003EPSS
In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input...
9.8CVSS
9.3AI Score
0.003EPSS
7.5CVSS
7.5AI Score
0.001EPSS
The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause a denial of service (operating system halt) via a malformed HTTP Authorization...
6.8AI Score
0.002EPSS
Lexmark Markvision Enterprise before 1.8 provides a diagnostic interface on TCP port 9789, which allows remote attackers to execute arbitrary code, change the configuration, or obtain sensitive fleet-management information via unspecified...
7.3AI Score
0.004EPSS
9.8CVSS
9.6AI Score
0.031EPSS
The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase”...
9.8CVSS
9.4AI Score
0.004EPSS
PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration...
8.8CVSS
8.6AI Score
0.002EPSS
Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript...
9.8CVSS
9.5AI Score
0.044EPSS
The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing during....
The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service...
7.8CVSS
8.2AI Score
0.0004EPSS
A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74.VYL.P273; CS41x before LW74.VY2.P273; CS51x before LW74.VY4.P273; CX310 before LW74.GM2.P273; CX410 & XC2130 before LW74.GM4.P273; CX510 & XC2132 before LW74.GM7.P273; MS310, MS312, MS317 before LW74.PRL.P273; MS410, M1140...
5.4CVSS
5.3AI Score
0.001EPSS
A cross-site scripting (XSS) vulnerability in Lexmark Pro910 series inkjet and other discontinued...
5.4CVSS
5.3AI Score
0.001EPSS
Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web...
7.5CVSS
7.5AI Score
0.004EPSS
Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java...
8.8CVSS
9AI Score
0.004EPSS
Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email...
7.5CVSS
7.2AI Score
0.002EPSS
Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported...
5.3CVSS
5.1AI Score
0.001EPSS
Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files....
9.8CVSS
9.7AI Score
0.01EPSS
Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in...
5.4CVSS
5.3AI Score
0.001EPSS
Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in...
5.4CVSS
5.2AI Score
0.001EPSS
Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the users web...
5.4CVSS
5.2AI Score
0.001EPSS
Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified...
9.8CVSS
9.3AI Score
0.97EPSS
Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified...
7.5CVSS
7.3AI Score
0.019EPSS
In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating...
7.5CVSS
7.4AI Score
0.297EPSS
Various Lexmark printers contain a denial of service vulnerability in the SNMP service that can be exploited to crash the...
7.5CVSS
7.3AI Score
0.001EPSS
9.8CVSS
9.4AI Score
0.002EPSS
9.8CVSS
9.4AI Score
0.003EPSS
9.8CVSS
9.4AI Score
0.003EPSS
6.5CVSS
6.5AI Score
0.001EPSS
The legacy finger service (TCP port 79) is enabled by default on various older Lexmark...
5.3CVSS
5.3AI Score
0.001EPSS
5.3CVSS
5.3AI Score
0.001EPSS
5.3CVSS
5.3AI Score
0.001EPSS
9.1CVSS
9.2AI Score
0.002EPSS
9.8CVSS
9.5AI Score
0.003EPSS
9.8CVSS
9.5AI Score
0.003EPSS