Vulnerabilities > Canon
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-25 | CVE-2022-26111 | Expression Language Injection vulnerability in Canon Irisnext 9.8.28 The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. | 8.8 |
| 2022-03-14 | CVE-2022-26320 | Use of Insufficiently Random Values vulnerability in multiple products The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. | 6.4 |
| 2022-02-08 | CVE-2021-20877 | Cross-site Scripting vulnerability in Canon products Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW ) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors. | 3.5 |
| 2021-12-06 | CVE-2021-43471 | Weak Password Requirements vulnerability in Canon Lbp223Dw Firmware In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. | 7.8 |
| 2021-08-29 | CVE-2021-38154 | Incorrect Permission Assignment for Critical Resource vulnerability in Canon - Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. | 4.3 |
| 2021-08-23 | CVE-2021-39367 | Improper Encoding or Escaping of Output vulnerability in Canon OCE Print Exec Workgroup 1.3.2 Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. | 5.0 |
| 2021-08-23 | CVE-2021-39368 | Cross-site Scripting vulnerability in Canon OCE Print Exec Workgroup 1.3.2 Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter. | 4.3 |
| 2021-08-11 | CVE-2021-38085 | Incorrect Permission Assignment for Critical Resource vulnerability in Canon Pixma Tr150 Firmware 3.71.2.10 The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. | 7.2 |
| 2020-11-30 | CVE-2020-16849 | Unspecified vulnerability in Canon products An issue was discovered on Canon MF237w 06.07 devices. | 5.0 |
| 2020-11-16 | CVE-2020-26508 | Insufficiently Protected Credentials vulnerability in Canon OCE Colorwave 3500 Firmware 5.1.1.0 The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI. | 5.0 |