Vulnerabilities > Canon

DATE | CVE | VULNERABILITY TITLE | RISK

2022-04-25 | CVE-2022-26111 | Expression Language Injection vulnerability in Canon Irisnext 9.8.28 | network, low complexity, 8.8
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents.
canon CWE-917

2022-03-14 | CVE-2022-26320 | Use of Insufficiently Random Values vulnerability in multiple products | network, low complexity, 6.4
The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method.
rambus fujifilm canon CWE-330

2022-02-08 | CVE-2021-20877 | Cross-site Scripting vulnerability in Canon products | network, 3.5
Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors.
canon CWE-79

2021-12-06 | CVE-2021-43471 | Weak Password Requirements vulnerability in Canon Lbp223Dw Firmware | network, low complexity, 7.8
In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN.
canon CWE-521

2021-08-29 | CVE-2021-38154 | Incorrect Permission Assignment for Critical Resource vulnerability in Canon - | network, 4.3
Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker.
canon CWE-732

2021-08-23 | CVE-2021-39367 | Improper Encoding or Escaping of Output vulnerability in Canon OCE Print Exec Workgroup 1.3.2 | network, low complexity, 5.0
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection.
canon CWE-116

2021-08-23 | CVE-2021-39368 | Cross-site Scripting vulnerability in Canon OCE Print Exec Workgroup 1.3.2 | network, 4.3
Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter.
canon CWE-79

2021-08-11 | CVE-2021-38085 | Incorrect Permission Assignment for Critical Resource vulnerability in Canon Pixma Tr150 Firmware 3.71.2.10 | local, low complexity, 7.2
The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue.
canon CWE-732

2020-11-30 | CVE-2020-16849 | Unspecified vulnerability in Canon products | network, low complexity, 5.0
An issue was discovered on Canon MF237w 06.07 devices.
canon

2020-11-16 | CVE-2020-26508 | Insufficiently Protected Credentials vulnerability in Canon OCE Colorwave 3500 Firmware 5.1.1.0 | network, low complexity, 5.0
The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI.
canon CWE-522