Vulnerabilities > Lexmark
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-06 | CVE-2016-5646 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lexmark Perceptive Document Filters 11.2.0.1732 An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of Lexmark Perceptive Document Filters library. | 6.8 |
| 2017-01-06 | CVE-2016-4336 | Out-of-bounds Write vulnerability in Lexmark Perceptive Document Filters An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. | 7.5 |
| 2017-01-06 | CVE-2016-4335 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lexmark Perceptive Document Filters An exploitable buffer overflow exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. | 6.8 |
| 2016-04-22 | CVE-2016-3145 | Information Exposure vulnerability in Lexmark Printer Firmware Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory. | 2.1 |
| 2016-01-27 | CVE-2016-1896 | Permissions, Privileges, and Access Controls vulnerability in Lexmark Printer Firmware Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status. | 10.0 |
| 2015-02-16 | CVE-2014-9375 | Path Traversal vulnerability in Lexmark Markvision Enterprise Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. | 9.0 |
| 2014-02-04 | CVE-2013-6033 | Cross-Site Scripting vulnerability in Lexmark products Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allow remote authenticated users to inject arbitrary web script or HTML by using (1) SNMP or (2) the Embedded Web Server (EWS) to set the (a) Contact or (b) Location field. | 3.5 |
| 2014-02-04 | CVE-2013-6032 | Improper Input Validation vulnerability in Lexmark products cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter. | 10.0 |
| 2013-04-25 | CVE-2013-3055 | Permissions, Privileges, and Access Controls vulnerability in Lexmark Markvision Lexmark Markvision Enterprise before 1.8 provides a diagnostic interface on TCP port 9789, which allows remote attackers to execute arbitrary code, change the configuration, or obtain sensitive fleet-management information via unspecified vectors. | 9.3 |
| 2010-05-04 | CVE-2010-0101 | Improper Input Validation vulnerability in Lexmark products The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause a denial of service (operating system halt) via a malformed HTTP Authorization header. | 7.8 |