Vulnerabilities > Lexmark > Cx860 Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-01-23 CVE-2023-22960 Improper Restriction of Excessive Authentication Attempts vulnerability in Lexmark products
Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency.
network
low complexity
lexmark CWE-307
7.5
2023-01-23 CVE-2023-23560 Server-Side Request Forgery (SSRF) vulnerability in Lexmark products
In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.
network
low complexity
lexmark CWE-918
critical
9.8
2022-08-26 CVE-2022-29850 Exposure of Resource to Wrong Sphere vulnerability in Lexmark products
Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots.
network
high complexity
lexmark CWE-668
8.1
2022-01-20 CVE-2021-44734 Code Injection vulnerability in Lexmark products
Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can lead to remote code execution on the device.
network
low complexity
lexmark CWE-94
critical
9.8
2022-01-20 CVE-2021-44735 Command Injection vulnerability in Lexmark products
Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07.
network
low complexity
lexmark CWE-77
critical
9.8
2022-01-20 CVE-2021-44737 Path Traversal vulnerability in Lexmark products
PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files.
low complexity
lexmark CWE-22
8.8
2022-01-20 CVE-2021-44738 Classic Buffer Overflow vulnerability in Lexmark products
A buffer overflow vulnerability has been identified in the PostScript interpreter of Lexmark devices through 2021-12-07.
network
low complexity
lexmark CWE-120
critical
9.8
2019-06-28 CVE-2018-15520 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lexmark products
Various Lexmark devices have a Buffer Overflow (issue 2 of 2).
network
low complexity
lexmark CWE-119
critical
9.8
2019-03-12 CVE-2018-17944 Information Exposure vulnerability in Lexmark products
On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there.
network
low complexity
lexmark CWE-200
4.9