The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature.
9.8CVSS
9.4AI Score
0.006EPSS
PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files.
8.8CVSS
8.6AI Score
0.002EPSS
Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter.
9.8CVSS
9.5AI Score
0.05EPSS
7.5CVSS
7.5AI Score
0.001EPSS
Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots.
8.1CVSS
8AI Score
0.002EPSS
Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency.
7.5CVSS
7.5AI Score
0.002EPSS
In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.
9.8CVSS
9.3AI Score
0.003EPSS
Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type.
9.8CVSS
9.4AI Score
0.004EPSS
9.8CVSS
9.5AI Score
0.004EPSS
9.8CVSS
9.5AI Score
0.004EPSS
Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index.
9.8CVSS
9.5AI Score
0.003EPSS
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).
8.1CVSS
7.9AI Score
0.15EPSS
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).
9.8CVSS
9.4AI Score
0.244EPSS
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4).
9.8CVSS
9.5AI Score
0.003EPSS
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4).
9.8CVSS
9.5AI Score
0.003EPSS
Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80..P246, i.e., ' ' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to re...
7.5CVSS
7.3AI Score
0.001EPSS