Vulnerabilities > Lexmark
|2022-04-28||CVE-2022-24935|| Incorrect Authorization vulnerability in Lexmark Firmware |
Lexmark products through 2022-02-10 have Incorrect Access Control.
| 5.0 |
|2022-01-20||CVE-2021-44734|| Improper Input Validation vulnerability in Lexmark products |
Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device.
| 10.0 |
|2022-01-20||CVE-2021-44735|| Command Injection vulnerability in Lexmark products |
Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07.
| 10.0 |
|2022-01-20||CVE-2021-44736|| Improper Authentication vulnerability in Lexmark Mc3224I Firmware |
The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature.
| 10.0 |
|2022-01-20||CVE-2021-44737|| Path Traversal vulnerability in Lexmark products |
PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files.
| 8.3 |
|2022-01-20||CVE-2021-44738|| Classic Buffer Overflow vulnerability in Lexmark products |
Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter.
| 10.0 |
|2021-07-19||CVE-2021-35449|| Incorrect Permission Assignment for Critical Resource vulnerability in Lexmark products |
The Lexmark Universal Print Driver version 18.104.22.168 and below, G2 driver 22.214.171.124 and below, G3 driver 126.96.36.199 and below, and G4 driver 188.8.131.52 and below are affected by a privilege escalation vulnerability.
| 7.2 |
|2021-07-14||CVE-2021-35469|| Unquoted Search Path or Element vulnerability in Lexmark products |
The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path.
| 7.2 |
|2020-04-28||CVE-2020-10094|| Cross-site Scripting vulnerability in Lexmark products |
A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74.VYL.P273; CS41x before LW74.VY2.P273; CS51x before LW74.VY4.P273; CX310 before LW74.GM2.P273; CX410 & XC2130 before LW74.GM4.P273; CX510 & XC2132 before LW74.GM7.P273; MS310, MS312, MS317 before LW74.PRL.P273; MS410, M1140 before LW74.PRL.P273; MS315, MS415, MS417 before LW74.TL2.P273; MS51x, MS610dn, MS617 before LW74.PR2.P273; M1145, M3150dn before LW74.PR2.P273; MS610de, M3150 before LW74.PR4.P273; MS71x,M5163dn before LW74.DN2.P273; MS810, MS811, MS812, MS817, MS818 before LW74.DN2.P273; MS810de, M5155, M5163 before LW74.DN4.P273; MS812de, M5170 before LW74.DN7.P273; MS91x before LW74.SA.P273; MX31x, XM1135 before LW74.SB2.P273; MX410, MX510 & MX511 before LW74.SB4.P273; XM1140, XM1145 before LW74.SB4.P273; MX610 & MX611 before LW74.SB7.P273; XM3150 before LW74.SB7.P273; MX71x, MX81x before LW74.TU.P273; XM51xx & XM71xx before LW74.TU.P273; MX91x & XM91x before LW74.MG.P273; MX6500e before LW74.JD.P273; C746 before LHS60.CM2.P738; C748, CS748 before LHS60.CM4.P738; C792, CS796 before LHS60.HC.P738; C925 before LHS60.HV.P738; C950 before LHS60.TP.P738; X548 & XS548 before LHS60.VK.P738; X74x & XS748 before LHS60.NY.P738; X792 & XS79x before LHS60.MR.P738; X925 & XS925 before LHS60.HK.P738; X95x & XS95x before LHS60.TQ.P738; 6500e before LHS60.JR.P738;C734 LR.SK.P824 and earlier; C736 LR.SKE.P824 and earlier; E46x LR.LBH.P824 and earlier; T65x LR.JP.P824 and earlier; X46x LR.BS.P824 and earlier; X65x LR.MN.P824 and earlier; X73x LR.FL.P824 and earlier; W850 LP.JB.P823 and earlier; and X86x LP.SP.P823 and earlier.
| 3.5 |
|2020-04-28||CVE-2020-10093|| Cross-site Scripting vulnerability in Lexmark products |
A cross-site scripting (XSS) vulnerability in Lexmark Pro910 series inkjet and other discontinued products.
| 3.5 |