Filtered by vendor Xerox
Subscribe
Total
109 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28673 | 1 Xerox | 46 Phaser 6510, Phaser 6510 Firmware, Versalink B400 and 43 more | 2021-04-05 | 7.5 HIGH | 9.8 CRITICAL |
| Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01 (Bridge), B600/B610 before 32.61.23 and 32.59.01 (Bridge), B605/B615 before 33.61.23 and 33.59.01 (Bridge), B7025/30/35 before 58.61.23 and 58.59.11 (Bridge), C400 before 67.61.23 and 67.59.01 (Bridge), C405 before 68.61.23 and 68.59.01 (Bridge), C500/C600 before 61.61.23 and 61.59.01 (Bridge), C505/C605 before 62.61.23 and 62.59.11 (Bridge), C7000 before 56.61.23 and 56.59.01 (Bridge), C7020/25/30 before 57.61.23 and 57.59.01 (Bridge), C8000/C9000 before 70.61.23 and 70.59.01 (Bridge), allows remote attackers with "a weaponized clone file" to execute arbitrary commands in the Web User Interface. | |||||
| CVE-2021-28668 | 1 Xerox | 20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more | 2021-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities. | |||||
| CVE-2021-28669 | 1 Xerox | 20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more | 2021-04-01 | 5.0 MEDIUM | 7.5 HIGH |
| Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights. | |||||
| CVE-2021-28670 | 1 Xerox | 20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more | 2021-04-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk. | |||||
| CVE-2019-18629 | 1 Xerox | 20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more | 2021-03-11 | 6.8 MEDIUM | 8.1 HIGH |
| Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key. | |||||
| CVE-2019-18628 | 1 Xerox | 20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more | 2021-03-05 | 4.0 MEDIUM | 4.9 MEDIUM |
| Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure. | |||||
| CVE-2020-26162 | 1 Xerox | 4 Workcentre Ec7836, Workcentre Ec7836 Firmware, Workcentre Ec7856 and 1 more | 2020-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073.020.059.25300 devices allow XSS via Description pages. | |||||
| CVE-2019-13166 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks. | |||||
| CVE-2019-17184 | 1 Xerox | 11 Atlalink B8045, Atlalink B8055, Atlalink B8065 and 8 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C8070 printers with software before 101.00x.089.22600 allow an attacker to gain privileges. | |||||
| CVE-2018-20769 | 1 Xerox | 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is a Local File Inclusion vulnerability. | |||||
| CVE-2016-11061 | 1 Xerox | 50 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 47 more | 2020-05-06 | 10.0 HIGH | 9.8 CRITICAL |
| Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device. | |||||
| CVE-2019-13165 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2020-03-18 | 10.0 HIGH | 9.8 CRITICAL |
| Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device. | |||||
| CVE-2019-13167 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2020-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. | |||||
| CVE-2019-13168 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2020-03-18 | 10.0 HIGH | 9.8 CRITICAL |
| Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device. | |||||
| CVE-2019-13169 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2020-03-18 | 10.0 HIGH | 9.8 CRITICAL |
| Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device. | |||||
| CVE-2019-13171 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2020-03-18 | 10.0 HIGH | 9.8 CRITICAL |
| Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handling of the register parameters, because the size used within a memcpy() function, which copied the action value into a local variable, was not checked properly. | |||||
| CVE-2019-13172 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2020-03-18 | 10.0 HIGH | 9.8 CRITICAL |
| Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Authentication Cookie of the web application that would allow an attacker to execute arbitrary code on the device. | |||||
| CVE-2019-13170 | 1 Xerox | 2 Phaser 3320, Phaser 3320 Firmware | 2020-03-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device. | |||||
| CVE-2013-6362 | 1 Xerox | 24 Colorqube 9201, Colorqube 9201 Firmware, Colorqube 9202 and 21 more | 2020-02-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts. | |||||
| CVE-2019-19832 | 1 Xerox | 2 Altalink C8035, Altalink C8035 Firmware | 2019-12-23 | 6.8 MEDIUM | 8.8 HIGH |
| Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.) | |||||