Vulnerabilities > Canon
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-28 | CVE-2022-24673 | Out-of-bounds Write vulnerability in Canon products This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. | 9.8 |
| 2023-03-28 | CVE-2022-24674 | Out-of-bounds Write vulnerability in Canon products This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. | 8.8 |
| 2022-12-09 | CVE-2022-38765 | Authorization Bypass Through User-Controlled Key vulnerability in Canon Vitrea View Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. | 6.5 |
| 2022-09-30 | CVE-2022-37461 | Cross-site Scripting vulnerability in Canon Medical Vitrea View Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the (2) groupID, (3) offset, or (4) limit parameter to an Administrative Panel (Group and Users) page. | 6.1 |
| 2022-04-25 | CVE-2022-26111 | Expression Language Injection vulnerability in Canon Irisnext 9.8.28 The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. | 8.8 |
| 2022-03-14 | CVE-2022-26320 | Use of Insufficiently Random Values vulnerability in multiple products The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. | 9.1 |
| 2022-02-08 | CVE-2021-20877 | Cross-site Scripting vulnerability in Canon products Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW ) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors. | 4.8 |
| 2021-12-06 | CVE-2021-43471 | Weak Password Requirements vulnerability in Canon Lbp223Dw Firmware In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. | 7.5 |
| 2021-08-29 | CVE-2021-38154 | Incorrect Permission Assignment for Critical Resource vulnerability in Canon - Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. | 7.5 |
| 2021-08-23 | CVE-2021-39367 | Improper Encoding or Escaping of Output vulnerability in Canon OCE Print Exec Workgroup 1.3.2 Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. | 5.3 |