Vulnerabilities > Xerox

DATE CVE VULNERABILITY TITLE RISK
2019-12-18 CVE-2019-19832 Cross-Site Request Forgery (CSRF) vulnerability in Xerox Altalink C8035 Firmware
Xerox AltaLink C8035 printers allow CSRF.
network
xerox CWE-352
6.8
2019-10-04 CVE-2019-17184 Unspecified vulnerability in Xerox Atlalink Firmware
Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C8070 printers with software before 101.00x.089.22600 allow an attacker to gain privileges.
network
low complexity
xerox
7.5
2019-05-13 CVE-2018-15530 Cross-site Scripting vulnerability in Xerox Colorqube 8580 Firmware
Cross-site scripting (XSS) in the web interface of the Xerox ColorQube 8580 allows remote persistent injection of custom HTML / JavaScript code.
network
xerox CWE-79
4.3
2019-04-12 CVE-2019-10880 OS Command Injection vulnerability in Xerox products
Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface).
network
low complexity
xerox CWE-78
critical
10.0
2019-02-10 CVE-2018-20771 Improper Input Validation vulnerability in Xerox products
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000.
network
low complexity
xerox CWE-20
7.5
2019-02-10 CVE-2018-20770 SQL Injection vulnerability in Xerox products
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000.
network
low complexity
xerox CWE-89
7.5
2019-02-10 CVE-2018-20769 Path Traversal vulnerability in Xerox products
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000.
network
low complexity
xerox CWE-22
5.0
2019-02-10 CVE-2018-20768 Code Injection vulnerability in Xerox products
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000.
network
low complexity
xerox CWE-94
7.5
2019-02-10 CVE-2018-20767 Improper Input Validation vulnerability in Xerox products
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000.
network
low complexity
xerox CWE-20
6.5
2019-01-03 CVE-2018-17172 Command Injection vulnerability in Xerox products
The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection.
network
low complexity
xerox CWE-77
7.5