17 matches found
CVE-2019-19773
CVE-2019-19773 describes a stored cross-site scripting (XSS) vulnerability in the embedded web server of older Lexmark devices/printers. The issue arises from improper validation in web server handling of client data, leading to possible client-side code execution within affected interfaces. Mult...
CVE-2019-19772
CVE-2019-19772 affects Lexmark printers with an embedded web server that is vulnerable to reflected Cross-Site Scripting (XSS). Root cause: lack of proper validation of client-side data in the web application, enabling an attacker to inject and execute script in a user’s browser. Impact per sourc...
CVE-2019-10059
The CVE-2019-10059 entry concerns the legacy finger service (TCP port 79) enabled by default on various older Lexmark devices. Multiple connected sources confirm this configuration across Lexmark printers and related hardware, with no public exploit details provided in the supplied documents. The...
CVE-2019-9930
The connected OpenVAS/NASL entry for Lexmark printers (TE920) explicitly lists multiple Lexmark vulnerabilities, including buffer/overflow issues. It states there are overflows in the Lexmark Web Server and associates CVE-2019-9930 with these overflow conditions, alongside other related CVEs (e.g...
CVE-2019-9931
CVE-2019-9931 involves a denial-of-service flaw in the SNMP service of various Lexmark printers, allowing an attacker to crash the device. The connected Tenable/OpenVAS-derived entries and Red Hat/NVD references confirm the vulnerability affects Lexmark printers and is triggered via SNMP. The roo...
CVE-2019-9933
CVE-2019-9933 affects Lexmark printers; multiple sources describe a Buffer Overflow vulnerability (issue 3 of 3) impacting Lexmark Web Server and related components. NVD lists a critical CVSS v3 base score of 9.8 with network access, no user interaction, and high impact to confidentiality, integr...
CVE-2019-9932
CVE-2019-9932 is a buffer overflow vulnerability affecting Lexmark printers, reported as issue 2 of 3 in the broader set of Lexmark vulnerabilities. Multiple connected sources associate this CVE with buffer overflow conditions in Lexmark components (notably the Web Server) that could allow me...
CVE-2021-44738
CVE-2021-44738 is a buffer-overflow vulnerability in Lexmark devices’ PostScript interpreter. Multiple sources (ZDI advisories and NVD) describe a write past the end of a buffer during PostScript data handling, enabling potential remote code execution on affected Lexmark printers (e.g., MC3224i) ...
CVE-2021-44734
CVE-2021-44734 affects Lexmark devices with an embedded web server input sanitization vulnerability that can lead to remote code execution. The issue is documented across multiple feeds (NVD, CVE lists, and vendor advisories) and is tied to Lexmark security alerts (e.g., CVE-2021-44734.pdf) and Z...
CVE-2019-18791
The CVE-2019-18791 issue affects Lexmark printer MS812 and older Lexmark devices, due to a stored XSS in the embedded web server. The root cause is insufficient validation of client-side data by the web application, allowing an attacker to expose session credentials and other information via the ...
CVE-2021-44737
Lexmark PJL path traversal (CVE-2021-44737) affects Lexmark printers (via PJL command handling) and can overwrite internal configuration files. The root cause is improper filtering of resource/file paths allowing directory traversal. In the Tenable ZDI advisory, it is described as a remote-code-e...
CVE-2019-10058
CVE-2019-10058 affects Lexmark printers. The root cause is incorrect access control: certain Lexmark devices do not implement account lockout. It is documented across multiple sources (Threatpost/NVD) with references to Lexmark-specific advisories and NCC Group findings. Impact is described as ...
CVE-2018-18894
CVE-2018-18894 affects older Lexmark devices (C, M, X, and 6500e) with firmware prior to 2018-12-18. The issue is a directory traversal vulnerability in the devices’ embedded web server, allowing path traversal to access files beyond intended scope. The available sources describe the vulnerabilit...
CVE-2020-10093
CVE-2020-10093 is a cross-site scripting (XSS) vulnerability in Lexmark Pro910 series inkjet and other discontinued Lexmark products. The underlying cause is insufficient validation of client-side data by the web application, enabling a malicious input to be reflected or executed in the context o...
CVE-2023-40239
Vulnerability: CVE-2023-40239 affects Lexmark devices (e.g., CS310) prior to 2023-08-25, enabling XML External Entity (XXE) attacks that can disclose information. Root cause / impact: XXE processing flaw in affected firmware leading to information disclosure; no exploit details provided in the do...
CVE-2019-6489
The vulnerability CVE-2019-6489 affects Lexmark devices: CX, MX, X, XC, XM, XS, and 6500e printers. The public description states that, prior to 2019-02-11, remote attackers could erase stored shortcuts, implying an issue with how input is handled by the device. Connected sources align on the sam...
CVE-2020-10094
CVE-2020-10094 is a cross-site scripting (XSS) vulnerability in Lexmark printers. The affected line items include Lexmark CS31x, CS41x, CS51x, CX310, CX410, XC2130, CX510, XC2132, MS310/312/317, MS410, M1140, MS315/415/417, MS51x/610dn/617, M1145, M3150dn, MS610de, M3150, MS71x, M5163dn, and vari...