Vulnerabilities > Xerox
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-04 | CVE-2019-18628 | Unspecified vulnerability in Xerox products Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure. | 4.9 |
| 2021-01-26 | CVE-2020-36201 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Xerox products An issue was discovered in certain Xerox WorkCentre products. | 7.5 |
| 2020-10-09 | CVE-2020-26162 | Cross-site Scripting vulnerability in Xerox products Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073.020.059.25300 devices allow XSS via Description pages. | 6.1 |
| 2020-04-29 | CVE-2016-11061 | OS Command Injection vulnerability in Xerox products Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device. | 9.8 |
| 2020-03-13 | CVE-2019-13172 | Classic Buffer Overflow vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Authentication Cookie of the web application that would allow an attacker to execute arbitrary code on the device. | 9.8 |
| 2020-03-13 | CVE-2019-13171 | Out-of-bounds Write vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. | 9.8 |
| 2020-03-13 | CVE-2019-13170 | Cross-Site Request Forgery (CSRF) vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. | 6.5 |
| 2020-03-13 | CVE-2019-13169 | Classic Buffer Overflow vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device. | 9.8 |
| 2020-03-13 | CVE-2019-13168 | Classic Buffer Overflow vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. | 9.8 |
| 2020-03-13 | CVE-2019-13167 | Cross-site Scripting vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000 Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. | 6.1 |