Vulnerabilities > Lexmark

DATE CVE VULNERABILITY TITLE RISK
2023-01-23 CVE-2023-23560 Server-Side Request Forgery (SSRF) vulnerability in Lexmark products
In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.
network
low complexity
lexmark CWE-918
critical
9.8
2022-08-26 CVE-2022-29850 Exposure of Resource to Wrong Sphere vulnerability in Lexmark products
Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots.
network
high complexity
lexmark CWE-668
8.1
2022-04-28 CVE-2022-24935 Missing Authentication for Critical Function vulnerability in Lexmark Firmware
Lexmark products through 2022-02-10 have Incorrect Access Control.
network
low complexity
lexmark CWE-306
7.5
2022-01-20 CVE-2021-44734 Code Injection vulnerability in Lexmark products
Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device.
network
low complexity
lexmark CWE-94
critical
9.8
2022-01-20 CVE-2021-44735 Command Injection vulnerability in Lexmark products
Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07.
network
low complexity
lexmark CWE-77
critical
9.8
2022-01-20 CVE-2021-44736 Improper Authentication vulnerability in Lexmark Mc3224I Firmware
The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature.
network
low complexity
lexmark CWE-287
critical
9.8
2022-01-20 CVE-2021-44737 Path Traversal vulnerability in Lexmark products
PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files.
low complexity
lexmark CWE-22
8.8
2022-01-20 CVE-2021-44738 Classic Buffer Overflow vulnerability in Lexmark products
Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter.
network
low complexity
lexmark CWE-120
critical
9.8
2021-07-19 CVE-2021-35449 Incorrect Permission Assignment for Critical Resource vulnerability in Lexmark products
The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability.
local
low complexity
lexmark CWE-732
7.8
2021-07-14 CVE-2021-35469 Unquoted Search Path or Element vulnerability in Lexmark products
The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path.
local
low complexity
lexmark CWE-428
7.8