Vulnerabilities > Canon > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-17 | CVE-2023-1763 | Insufficiently Protected Credentials vulnerability in Canon IJ Network Tool Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the software. | 6.5 |
| 2023-05-17 | CVE-2023-1764 | Inadequate Encryption Strength vulnerability in Canon IJ Network Tool Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the communication of the software. | 6.5 |
| 2023-05-11 | CVE-2023-0858 | Improper Authentication vulnerability in Canon products Improper Authentication of RemoteUI of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger unauthorized access to the product. | 5.3 |
| 2023-05-11 | CVE-2023-0859 | Unspecified vulnerability in Canon products Arbitrary Files can be installed in the Setting Data Import function of Office / Small Office Multifunction Printers and Laser Printers(*). | 5.3 |
| 2022-12-09 | CVE-2022-38765 | Authorization Bypass Through User-Controlled Key vulnerability in Canon Vitrea View Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. | 6.5 |
| 2022-09-30 | CVE-2022-37461 | Cross-site Scripting vulnerability in Canon Medical Vitrea View Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the (2) groupID, (3) offset, or (4) limit parameter to an Administrative Panel (Group and Users) page. | 6.1 |
| 2022-02-08 | CVE-2021-20877 | Cross-site Scripting vulnerability in Canon products Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW ) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors. | 4.8 |
| 2021-08-23 | CVE-2021-39367 | Improper Encoding or Escaping of Output vulnerability in Canon OCE Print Exec Workgroup 1.3.2 Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. | 5.3 |
| 2021-08-23 | CVE-2021-39368 | Cross-site Scripting vulnerability in Canon OCE Print Exec Workgroup 1.3.2 Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter. | 6.1 |
| 2020-03-19 | CVE-2020-10670 | Cross-site Scripting vulnerability in Canon OCE Colorwave 500 Firmware 4.0.0.0 The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. | 6.1 |