Vulnerabilities > Canon > High

DATE CVE VULNERABILITY TITLE RISK
2023-05-11 CVE-2023-0857 Unspecified vulnerability in Canon products
Unintentional change of settings during initial registration of system administrators which uses control protocols.
network
low complexity
canon
7.5
2023-03-29 CVE-2022-43608 Unspecified vulnerability in Canon Mf644Cdw Firmware 10.03
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.03 printers.
low complexity
canon
8.8
2023-03-28 CVE-2022-24672 Out-of-bounds Write vulnerability in Canon products
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers.
low complexity
canon CWE-787
8.8
2023-03-28 CVE-2022-24674 Out-of-bounds Write vulnerability in Canon products
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers.
low complexity
canon CWE-787
8.8
2022-04-25 CVE-2022-26111 Expression Language Injection vulnerability in Canon Irisnext 9.8.28
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents.
network
low complexity
canon CWE-917
8.8
2021-12-06 CVE-2021-43471 Weak Password Requirements vulnerability in Canon Lbp223Dw Firmware
In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN.
network
low complexity
canon CWE-521
7.5
2021-08-29 CVE-2021-38154 Incorrect Permission Assignment for Critical Resource vulnerability in Canon -
Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker.
network
low complexity
canon CWE-732
7.5
2021-08-11 CVE-2021-38085 Incorrect Permission Assignment for Critical Resource vulnerability in Canon Pixma Tr150 Firmware 3.71.2.10
The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue.
local
low complexity
canon CWE-732
7.8
2020-11-30 CVE-2020-16849 Unspecified vulnerability in Canon products
An issue was discovered on Canon MF237w 06.07 devices.
network
low complexity
canon
7.5
2020-06-08 CVE-2020-12695 Incorrect Default Permissions vulnerability in multiple products
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
7.5