Vulnerabilities > Canon > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2023-05-11 | CVE-2023-0854 | Out-of-bounds Write vulnerability in Canon products | Buffer overflow in NetBIOS QNAME registering and communication process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. | network | low complexity | canon | CWE-787 | critical | 9.8 |
| 2023-05-11 | CVE-2023-0855 | Out-of-bounds Write vulnerability in Canon products | Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. | network | low complexity | canon | CWE-787 | critical | 9.8 |
| 2023-05-11 | CVE-2023-0856 | Out-of-bounds Write vulnerability in Canon products | Buffer overflow in IPP sides attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. | network | low complexity | canon | CWE-787 | critical | 9.8 |
| 2023-03-28 | CVE-2022-24673 | Out-of-bounds Write vulnerability in Canon products | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. | network | low complexity | canon | CWE-787 | critical | 9.8 |
| 2022-03-14 | CVE-2022-26320 | Use of Insufficiently Random Values vulnerability in multiple products | The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. | network | low complexity | rambus, fujifilm, canon | CWE-330 | critical | 9.1 |
| 2020-11-16 | CVE-2020-26508 | Insufficiently Protected Credentials vulnerability in Canon Oce ColorWave 3500 Firmware 5.1.1.0 | The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI. | network | low complexity | canon | CWE-522 | critical | 9.8 |
| 2018-06-08 | CVE-2018-12049 | Improper Authentication vulnerability in Canon LBP6030w Firmware | A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. | network | low complexity | canon | CWE-287 | critical | 9.8 |
| 2018-06-08 | CVE-2018-12048 | Improper Authentication vulnerability in Canon LBP7110Cw Firmware | A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. | network | low complexity | canon | CWE-287 | critical | 9.8 |
| 2018-06-04 | CVE-2018-11711 | Improper Authentication vulnerability in Canon MF210 Firmware and MF220 Firmware | A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to the device. | network | low complexity | canon | CWE-287 | critical | 9.8 |
| 2018-06-04 | CVE-2018-11692 | Improper Authentication vulnerability in Canon products | An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. | network | low complexity | canon | CWE-287 | critical | 9.8 |