18 matches found
CVE-2019-19773
CVE-2019-19773 describes a stored cross-site scripting (XSS) vulnerability in the embedded web server of older Lexmark devices/printers. The issue arises from improper validation in web server handling of client data, leading to possible client-side code execution within affected interfaces. Mult...
CVE-2019-19772
CVE-2019-19772 affects Lexmark printers with an embedded web server that is vulnerable to reflected Cross-Site Scripting (XSS). Root cause: lack of proper validation of client-side data in the web application, enabling an attacker to inject and execute script in a user’s browser. Impact per sourc...
CVE-2019-10059
The CVE-2019-10059 entry concerns the legacy finger service (TCP port 79) enabled by default on various older Lexmark devices. Multiple connected sources confirm this configuration across Lexmark printers and related hardware, with no public exploit details provided in the supplied documents. The...
CVE-2019-9930
The connected OpenVAS/NASL entry for Lexmark printers (TE920) explicitly lists multiple Lexmark vulnerabilities, including buffer/overflow issues. It states there are overflows in the Lexmark Web Server and associates CVE-2019-9930 with these overflow conditions, alongside other related CVEs (e.g...
CVE-2019-9932
CVE-2019-9932 is a buffer overflow vulnerability affecting Lexmark printers, reported as issue 2 of 3 in the broader set of Lexmark vulnerabilities. Multiple connected sources associate this CVE with buffer overflow conditions in Lexmark components (notably the Web Server) that could allow me...
CVE-2019-9933
CVE-2019-9933 affects Lexmark printers; multiple sources describe a Buffer Overflow vulnerability (issue 3 of 3) impacting Lexmark Web Server and related components. NVD lists a critical CVSS v3 base score of 9.8 with network access, no user interaction, and high impact to confidentiality, integr...
CVE-2019-9931
CVE-2019-9931 involves a denial-of-service flaw in the SNMP service of various Lexmark printers, allowing an attacker to crash the device. The connected Tenable/OpenVAS-derived entries and Red Hat/NVD references confirm the vulnerability affects Lexmark printers and is triggered via SNMP. The roo...
CVE-2019-10057
CVE-2019-10057 affects Lexmark printers (embedded web server) and is a CSRF vulnerability caused by lack of CSRF countermeasures. Publicly documented details among connected sources indicate that this CSRF could enable an attacker to modify settings or perform actions within an authenticated prin...
CVE-2021-44738
CVE-2021-44738 is a buffer-overflow vulnerability in Lexmark devices’ PostScript interpreter. Multiple sources (ZDI advisories and NVD) describe a write past the end of a buffer during PostScript data handling, enabling potential remote code execution on affected Lexmark printers (e.g., MC3224i) ...
CVE-2021-44734
CVE-2021-44734 affects Lexmark devices with an embedded web server input sanitization vulnerability that can lead to remote code execution. The issue is documented across multiple feeds (NVD, CVE lists, and vendor advisories) and is tied to Lexmark security alerts (e.g., CVE-2021-44734.pdf) and Z...
CVE-2019-18791
The CVE-2019-18791 issue affects Lexmark printer MS812 and older Lexmark devices, due to a stored XSS in the embedded web server. The root cause is insufficient validation of client-side data by the web application, allowing an attacker to expose session credentials and other information via the ...
CVE-2021-44737
Lexmark PJL path traversal (CVE-2021-44737) affects Lexmark printers (via PJL command handling) and can overwrite internal configuration files. The root cause is improper filtering of resource/file paths allowing directory traversal. In the Tenable ZDI advisory, it is described as a remote-code-e...
CVE-2019-10058
CVE-2019-10058 affects Lexmark printers; the root cause is Incorrect Access Control due to a lack of account lockout on certain Lexmark devices. It is documented across multiple sources (Threatpost/NVD) with references to Lexmark-specific advisories and NCC Group findings. Impact is described as ...
CVE-2020-10093
CVE-2020-10093 is a cross-site scripting (XSS) vulnerability in Lexmark Pro910 series inkjet and other discontinued Lexmark products. The underlying cause is insufficient validation of client-side data by the web application, enabling a malicious input to be reflected or executed in the context o...
CVE-2019-9935
CVE-2019-9935 affects Lexmark printers and is described as an Incorrect Access Control vulnerability leading to missing authentication for critical functions. Connected sources reference unauthenticated access to restricted menus and critical functions across various Lexmark devices, with...
CVE-2023-40239
Vulnerability: CVE-2023-40239 affects Lexmark devices (e.g., CS310) prior to 2023-08-25, enabling XML External Entity (XXE) attacks that can disclose information. Root cause / impact: XXE processing flaw in affected firmware leading to information disclosure; no exploit details provided in the do...
CVE-2020-10094
CVE-2020-10094 is a cross-site scripting (XSS) vulnerability in Lexmark printers. The affected line items include Lexmark CS31x, CS41x, CS51x, CX310, CX410, XC2130, CX510, XC2132, MS310/312/317, MS410, M1140, MS315/415/417, MS51x/610dn/617, M1145, M3150dn, MS610de, M3150, MS71x, M5163dn, and vari...
CVE-2019-9934
CVE-2019-9934 affects various Lexmark printers with an Incorrect Access Control flaw (also described as missing authentication for critical functions). Connected sources consistently identify unauthenticated access to restricted menus and functions as the issue, implying potential disclosure or m...