Vulnerabilities > Xerox
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-13 | CVE-2019-13166 | Improper Restriction of Excessive Authentication Attempts vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. | 7.5 |
| 2020-03-13 | CVE-2019-13165 | Classic Buffer Overflow vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service. | 9.8 |
| 2020-02-21 | CVE-2020-9330 | Missing Authentication for Critical Function vulnerability in Xerox products Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. | 8.8 |
| 2020-02-13 | CVE-2013-6362 | Use of Hard-coded Credentials vulnerability in Xerox products Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts. | 9.8 |
| 2019-12-18 | CVE-2019-19832 | Cross-Site Request Forgery (CSRF) vulnerability in Xerox Altalink C8035 Firmware Xerox AltaLink C8035 printers allow CSRF. | 8.8 |
| 2019-10-04 | CVE-2019-17184 | Unspecified vulnerability in Xerox Atlalink Firmware Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C8070 printers with software before 101.00x.089.22600 allow an attacker to gain privileges. | 9.8 |
| 2019-05-13 | CVE-2018-15530 | Cross-site Scripting vulnerability in Xerox Colorqube 8580 Firmware Cross-site scripting (XSS) in the web interface of the Xerox ColorQube 8580 allows remote persistent injection of custom HTML / JavaScript code. | 6.1 |
| 2019-04-12 | CVE-2019-10880 | OS Command Injection vulnerability in Xerox products Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). | 9.8 |
| 2019-02-10 | CVE-2018-20771 | Improper Input Validation vulnerability in Xerox products An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. | 9.8 |
| 2019-02-10 | CVE-2018-20770 | SQL Injection vulnerability in Xerox products An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. | 9.8 |