Lexmark: Security Vulnerabilities
Various Lexmark products have Incorrect Access Control (issue 1 of 2).
CVSS Score
5.3
EPSS Score
0.002
Published
2019-08-28
Various Lexmark products have Incorrect Access Control.
CVSS Score
9.1
EPSS Score
0.003
Published
2019-08-28
Various Lexmark devices have a Buffer Overflow (issue 1 of 2).
CVSS Score
9.8
EPSS Score
0.005
Published
2019-06-28
Various Lexmark devices have a Buffer Overflow (issue 2 of 2).
CVSS Score
9.8
EPSS Score
0.005
Published
2019-06-28
On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change.
CVSS Score
4.9
EPSS Score
0.003
Published
2019-03-12
Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-02-11 allow remote attackers to erase stored shortcuts.
CVSS Score
5.3
EPSS Score
0.006
Published
2019-02-11
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet.
CVSS Score
9.8
EPSS Score
0.015
Published
2017-09-07
An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution.
CVSS Score
8.8
EPSS Score
0.008
Published
2017-09-05
An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to the stack. A maliciously crafted PDF file can be used to trigger this vulnerability.
CVSS Score
7.5
EPSS Score
0.006
Published
2017-09-05
An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400
CVSS Score
4.3
EPSS Score
0.002
Published
2017-04-20