Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-6032

Summary
Assigner-certcc
Assigner Org ID-37e5125f-f79b-445b-8fad-9564f167944b
Published At-04 Feb, 2014 | 02:00
Updated At-06 Aug, 2024 | 17:29
Rejected At-
Credits

cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:certcc
Assigner Org ID:37e5125f-f79b-445b-8fad-9564f167944b
Published At:04 Feb, 2014 | 02:00
Updated At:06 Aug, 2024 | 17:29
Rejected At:
▼CVE Numbering Authority (CNA)

cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.kb.cert.org/vuls/id/108062
third-party-advisory
x_refsource_CERT-VN
http://support.lexmark.com/index?page=content&id=TE586
x_refsource_CONFIRM
Hyperlink: http://www.kb.cert.org/vuls/id/108062
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://support.lexmark.com/index?page=content&id=TE586
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.kb.cert.org/vuls/id/108062
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://support.lexmark.com/index?page=content&id=TE586
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/108062
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://support.lexmark.com/index?page=content&id=TE586
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cret@cert.org
Published At:04 Feb, 2014 | 05:39
Updated At:11 Apr, 2025 | 00:51

cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Lexmark International, Inc.
lexmark
>>25xxn>>Versions up to lcl.cu.p114(inclusive)
cpe:2.3:h:lexmark:25xxn:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>c52x>>Versions up to ls.fa.p150(inclusive)
cpe:2.3:h:lexmark:c52x:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>c53x>>Versions up to ls.sw.p069(inclusive)
cpe:2.3:h:lexmark:c53x:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>c77x>>Versions up to lc.cm.p052(inclusive)
cpe:2.3:h:lexmark:c77x:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>c78x>>Versions up to lc.io.p187(inclusive)
cpe:2.3:h:lexmark:c78x:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>c920>>Versions up to ls.ta.p152(inclusive)
cpe:2.3:h:lexmark:c920:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>c935dn>>Versions up to lc.jo.p091(inclusive)
cpe:2.3:h:lexmark:c935dn:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>e250>>Versions up to le.pm.p126(inclusive)
cpe:2.3:h:lexmark:e250:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>e350>>Versions up to le.ph.p129(inclusive)
cpe:2.3:h:lexmark:e350:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>e450>>Versions up to lm.sz.p124(inclusive)
cpe:2.3:h:lexmark:e450:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>n4000>>Versions up to lc.md.p119(inclusive)
cpe:2.3:h:lexmark:n4000:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>n4050e>>Versions up to go.go.n206(inclusive)
cpe:2.3:h:lexmark:n4050e:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>n70xxe>>Versions up to lc.co.n309(inclusive)
cpe:2.3:h:lexmark:n70xxe:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>t64x>>Versions up to ls.st.p343(inclusive)
cpe:2.3:h:lexmark:t64x:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>w840>>Versions up to ls.ha.p252(inclusive)
cpe:2.3:h:lexmark:w840:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>x642>>Versions up to lc2.mb.p318(inclusive)
cpe:2.3:h:lexmark:x642:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>x644>>Versions up to lc4.be.p487(inclusive)
cpe:2.3:h:lexmark:x644:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>x646>>Versions up to lc2.mc.p373(inclusive)
cpe:2.3:h:lexmark:x646:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>x64xef>>Versions up to lc2.ti.p325(inclusive)
cpe:2.3:h:lexmark:x64xef:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>x772>>Versions up to lc2.tr.p291(inclusive)
cpe:2.3:h:lexmark:x772:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>x78x>>Versions up to lc2.io.p335(inclusive)
cpe:2.3:h:lexmark:x78x:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>x85x>>Versions up to lc4.be.p487(inclusive)
cpe:2.3:h:lexmark:x85x:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>x94x>>Versions up to lc.br.p141(inclusive)
cpe:2.3:h:lexmark:x94x:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://support.lexmark.com/index?page=content&id=TE586cret@cert.org
N/A
http://www.kb.cert.org/vuls/id/108062cret@cert.org
US Government Resource
http://support.lexmark.com/index?page=content&id=TE586af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kb.cert.org/vuls/id/108062af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Hyperlink: http://support.lexmark.com/index?page=content&id=TE586
Source: cret@cert.org
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/108062
Source: cret@cert.org
Resource:
US Government Resource
Hyperlink: http://support.lexmark.com/index?page=content&id=TE586
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/108062
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

377Records found
CVE-2014-8741
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-70.35% / 98.65%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 17:29
Updated-06 Aug, 2024 | 13:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-markvision_enterprisen/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-9932
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 64.45%
||
7 Day CHG~0.00%
Published-28 Aug, 2019 | 21:36
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various Lexmark products have a Buffer Overflow (issue 2 of 3).

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-ms812de_firmwarem1145_firmwarex65xc746ms415_firmwarec748m5163dn_firmwarex95x_firmwaree46x_firmwaremx510ms812_firmwaremx6500e_firmwarex792_firmwarems610dnms610dn_firmwarecs748_firmwarec925_firmwarec746_firmwarec792_firmwarexs925ms810de_firmwarems315x548_firmwarexm91xc736_firmwarecs41x_firmwarexm3150_firmwarexm51xxm5163_firmwarem5170_firmwarexm71xxms415w850c734cs796_firmwarecx310xm1135_firmwarems810_firmwarexs95xmx410_firmwarex95xms817_firmwarems51xc950xs79xms810ms417ms817mx91x_firmwarex74xc734_firmwarexs95x_firmwarecs748x65x_firmwarex46x_firmwarems811xs748x46xmx91xms317ms310_firmwarex74x_firmwaremx31xms410_firmwarew850_firmwaremx510_firmwarems317_firmwarem3150dn_firmwarec792ms810demx611mx410ms410c748_firmwarem1140_firmwarems811_firmwarem5155_firmwarex86x_firmwarems818_firmwarec950_firmwaremx6500ecx310_firmwaremx71x_firmwaremx81xxs548_firmwarecs31xcs796ms312_firmwarems71x_firmwarems71xms91x_firmwaremx81x_firmwarexm91x_firmwarexs79x_firmwarems617_firmwarex925xs925_firmwarex73x_firmwaremx31x_firmwarems617cs31x_firmwarem5170ms312xm1135xm3150xm51xx_firmwarem1140mx610_firmwarexs748_firmwarecs41xe46xm3150dnms417_firmwarem5163ms51x_firmwarex548x73xm5155ms812dex86xms91x6500ec925m1145m5163dnxm71xx_firmwarems812ms8186500e_firmwarex792c736ms310mx71xms315_firmwaremx610t65x_firmwaremx511xs548x925_firmwaremx511_firmwaret65xmx611_firmwaren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-9930
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.85%
||
7 Day CHG~0.00%
Published-28 Aug, 2019 | 21:35
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various Lexmark products have an Integer Overflow.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-ms812de_firmwarem1145_firmwarex65xc746ms415_firmwarec748m5163dn_firmwarex95x_firmwaree46x_firmwaremx510ms812_firmwaremx6500e_firmwarex792_firmwarems610dnms610dn_firmwarecs748_firmwarec925_firmwarec746_firmwarec792_firmwarexs925ms810de_firmwarems315x548_firmwarexm91xc736_firmwarecs41x_firmwarexm3150_firmwarexm51xxm5163_firmwarem5170_firmwarexm71xxms415w850c734cs796_firmwarecx310xm1135_firmwarems810_firmwarexs95xmx410_firmwarex95xms817_firmwarems51xc950xs79xms810ms417ms817mx91x_firmwarex74xc734_firmwarexs95x_firmwarecs748x65x_firmwarex46x_firmwarems811xs748x46xmx91xms317ms310_firmwarex74x_firmwaremx31xms410_firmwarew850_firmwaremx510_firmwarems317_firmwarem3150dn_firmwarec792ms810demx611mx410ms410c748_firmwarem1140_firmwarems811_firmwarem5155_firmwarex86x_firmwarems818_firmwarec950_firmwaremx6500ecx310_firmwaremx71x_firmwaremx81xxs548_firmwarecs31xcs796ms312_firmwarems71x_firmwarems71xms91x_firmwaremx81x_firmwarexm91x_firmwarexs79x_firmwarems617_firmwarex925xs925_firmwarex73x_firmwaremx31x_firmwarems617cs31x_firmwarem5170ms312xm1135xm3150xm51xx_firmwarem1140mx610_firmwarexs748_firmwarecs41xe46xm3150dnms417_firmwarem5163ms51x_firmwarex548x73xm5155ms812dex86xms91x6500ec925m1145m5163dnxm71xx_firmwarems812ms8186500e_firmwarex792c736ms310mx71xms315_firmwaremx610t65x_firmwaremx511xs548x925_firmwaremx511_firmwaret65xmx611_firmwaren/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-9933
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 64.45%
||
7 Day CHG~0.00%
Published-28 Aug, 2019 | 21:37
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various Lexmark products have a Buffer Overflow (issue 3 of 3).

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-ms812de_firmwarem1145_firmwarex65xc746ms415_firmwarec748m5163dn_firmwarex95x_firmwaree46x_firmwaremx510ms812_firmwaremx6500e_firmwarex792_firmwarems610dnms610dn_firmwarecs748_firmwarec925_firmwarec746_firmwarec792_firmwarexs925ms810de_firmwarems315x548_firmwarexm91xc736_firmwarecs41x_firmwarexm3150_firmwarexm51xxm5163_firmwarem5170_firmwarexm71xxms415w850c734cs796_firmwarecx310xm1135_firmwarems810_firmwarexs95xmx410_firmwarex95xms817_firmwarems51xc950xs79xms810ms417ms817mx91x_firmwarex74xc734_firmwarexs95x_firmwarecs748x65x_firmwarex46x_firmwarems811xs748x46xmx91xms317ms310_firmwarex74x_firmwaremx31xms410_firmwarew850_firmwaremx510_firmwarems317_firmwarem3150dn_firmwarec792ms810demx611mx410ms410c748_firmwarem1140_firmwarems811_firmwarem5155_firmwarex86x_firmwarems818_firmwarec950_firmwaremx6500ecx310_firmwaremx71x_firmwaremx81xxs548_firmwarecs31xcs796ms312_firmwarems71x_firmwarems71xms91x_firmwaremx81x_firmwarexm91x_firmwarexs79x_firmwarems617_firmwarex925xs925_firmwarex73x_firmwaremx31x_firmwarems617cs31x_firmwarem5170ms312xm1135xm3150xm51xx_firmwarem1140mx610_firmwarexs748_firmwarecs41xe46xm3150dnms417_firmwarem5163ms51x_firmwarex548x73xm5155ms812dex86xms91x6500ec925m1145m5163dnxm71xx_firmwarems812ms8186500e_firmwarex792c736ms310mx71xms315_firmwaremx610t65x_firmwaremx511xs548x925_firmwaremx511_firmwaret65xmx611_firmwaren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-44735
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-11.20% / 93.34%
||
7 Day CHG~0.00%
Published-20 Jan, 2022 | 16:07
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-xm1242_firmwaremx331_firmwarexc4240xc8155cs725mx321_firmwarexm7370mc2640_firmwarecs927_firmwarexm1246xc9245mc2535mb2442_firmwarexc6153_firmwarems823mb3442ms521mb2236_firmwareb2236_firmwaremx826cs521mx331cx431_firmwarexm3250_firmwarexc6153xc4153xc9245_firmwaremx421_firmwarexc4240_firmwarexc6152cx331xc8160_firmwarecx922_firmwarecs827_firmwarecs827cx727mc3326_firmwarems822mc2640b2546cs921xm5365_firmwarexc4140mb2236b3340b2650_firmwareb3442ms821_firmwarecx522xc8155_firmwarexc9255xm1242c2326cx421mb2650_firmwaremb2338_firmwarec2326_firmwarems826_firmwarem5270_firmwarecs727_firmwarem1246_firmwaremx722_firmwarem1342c3224mx321xc8163_firmwarec6160_firmwarecs923c9235cx920_firmwarecx860c3326_firmwaremx822_firmwarexc4150_firmwarecx625ms725_firmwarecs421_firmwarecx421_firmwarecs720c2325_firmwarecx825_firmwarec2535cs820cs431c4150mc2535_firmwarexm1246_firmwarems821mc2425cs728_firmwarec2325cs820_firmwaremx622_firmwaremx722ms825_firmwaremx822xc4143c2240b2546_firmwarems822_firmwarem5255c3426_firmwarexc2326xc8160c3224_firmwarem5255_firmwaremb2770xc4143_firmwarecx921_firmwarexc2235_firmwaremx431mb2650xm3250cs331m5270c3326cs521_firmwarems321_firmwarexc9225cx923_firmwareb2865_firmwarecs421ms421mx522_firmwarecs622_firmwarecx727_firmwarecx924_firmwaremx622b2865mx826_firmwaremb2770_firmwarec4150_firmwarems331mb2442xm1342_firmwaremc2325xc4140_firmwarecx725cs927mc3224_firmwarexc4153_firmwarecx920cs725_firmwaremc3326xm7370_firmwarec2425cx820_firmwaremb2546ms431_firmwarexm5365cx820mx521cs431_firmwarems321c2425_firmwarec2240_firmwareb2338_firmwarecs331_firmwarems622_firmwarem1242cx923cx921m1242_firmwaremc2425_firmwarecs439ms823_firmwarec3426xc6152_firmwarecx522_firmwarexm7355_firmwarec2535_firmwarecs622c9235_firmwarexm7355m3250xc9225_firmwaremx431_firmwarems621_firmwarems621m1342_firmwaremx522b2442cx331_firmwarecx622_firmwareb2338xc4150mx421cs720_firmwareb2650xc2235xc9255_firmwarec6160cx922m3250_firmwarems331_firmwarems521_firmwarecx860_firmwarexm1342ms826xc8163b3340_firmwarecs728b3442_firmwarems725xc9265xc9235cs439_firmwarexc9235_firmwarem1246mc3224cx625_firmwaremb3442_firmwaremc3426mb2546_firmwarems825b2442_firmwarecs921_firmwarecx825cs923_firmwarecx924b2236mb2338mc2325_firmwaremx721mx721_firmwarecx725_firmwarecx431xc2326_firmwarecs727ms421_firmwarems431ms622xc9265_firmwarecx622mx521_firmwaremc3426_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-44736
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.59% / 68.83%
||
7 Day CHG~0.00%
Published-20 Jan, 2022 | 16:09
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-mc3224imc3224i_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2016-1896
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.37% / 92.61%
||
7 Day CHG~0.00%
Published-27 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-printer_firmwarexc6152dtfexc8155dtecx825decs720dtecs725decx725dthecs725dtecx825dtecx725dhecx820dtfexc8155decx820dec6160cs820dtecx725dexc4150cx825dtfexc8160decs820dtfecx860dtecs820dec4150xc8160dtecs720decx860decx860dtfexc6152den/a
CVE-2021-44738
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.65% / 91.01%
||
7 Day CHG~0.00%
Published-20 Jan, 2022 | 15:59
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-xc8155ms812de_firmwarem1145_firmwarex65xxm7370mc2640_firmwarex950_firmwaremc2535ms823mb3442cs517_firmwaremb2236_firmwareb2236_firmwarexm7170_firmwaremx826c746cs521xm9165_firmwaremx717_firmwarems415_firmwarexm3250_firmwarem5163dn_firmwarexc6153cs417cx510_firmwarexc9245_firmwaremx421_firmwaremx510xm1145cx922_firmwarecs827_firmwarecs827ms822mx6500e_firmwareb2546xm5365_firmwarems821_firmwareb3340xm5270m3150de_firmwarecs748_firmwarexc9255cs510xm1242x952_firmwaremb2650_firmwarex952ms826_firmwarem1246_firmwaremx722_firmwarecs923mx321c9235c736_firmwarexm3150_firmwaremx617xm7270_firmwaremx711_firmwarecx860mx822_firmwarecs421_firmwarecx421_firmwarecs517xs950cs720w850c2325_firmwarec734c2535mx711cs820mx410_firmwarec4150ms817_firmwaremc2535_firmwarec950mx310x954cs728_firmwarec2325ms812dnmx710xc4143c2240b2546_firmwaremx910_firmwarems822_firmwarec3426_firmwarecx921_firmwarexc8160c3224_firmwaremb2770x65x_firmwarexc4143_firmwarexm5270_firmwarex46xmx431xm3250xm9145cx517_firmwarecs510_firmwarems321_firmwarexc9225ms911b2865_firmwarecs421ms410_firmwaremx812_firmwaremx910xm5263mx510_firmwarexm5263_firmwarems317_firmwaremx522_firmwarecx727_firmwarecx924_firmwarexm7155_firmwaremx622mx317c792b2865mb2770_firmwaremx611mx410ms410ms331m1140_firmwaremb2442xc2132_firmwarexc4140_firmwarecx725ms818_firmwaremc3224_firmwarecx310_firmwarecs725_firmwarexs795cx820_firmwarec2425mb2546cs796xm5365xc2132x925xs925_firmwarems617_firmwarexm9155_firmwarexm1145_firmwarex73x_firmwarec2240_firmwarems622_firmwaremx717cx921ms617xm1135xm3150ms610dems710_firmwarems823_firmwaremx610_firmwarexm7270c3426cs310_firmwaree46xxm7355_firmwarems510_firmwarecs622xm7355m3250mx718ms621_firmwarems621x548mx417_firmwaremx522cx331_firmwarecx622_firmwarexm1140_firmwareb2338m5155mx811xc4150mx421b2650x748_firmwaremx810m5163de_firmwarecx860_firmwarem1145xs798ms725m1246ms818mc3224m1140\+_firmwarec736ms310mc3426mx310_firmwarems825mx617_firmwarecs921_firmwarec2132cx825x746cx924mx610t65x_firmwareb2236mx721x925_firmwarecx725_firmwarecx431xc9265_firmwarems431cx622cs317cs720_firmwaremx611_firmwarexm1242_firmwarems610de_firmwarecs725xm1140mx331_firmwarexc4240mx321_firmwarecs927_firmwarexm5170xm7163xm1246ms812dn_firmwarexs795_firmwarexc9245mx911cx510mb2442_firmwarexc6153_firmwarems521ms711_firmwarexs796mx331ms810dncx431_firmwarems810dn_firmwarec748e46x_firmwarex954_firmwarex748xc4153xs950_firmwarexc4240_firmwarecs417_firmwarecx410_firmwarexc6152cx331xc8160_firmwarecx727mc3326_firmwaremc2640cs410_firmwarecs921xm5170_firmwarex792_firmwarexc4140ms610dnmb2236xc8155_firmwareb2650_firmwarems610dn_firmwarecx522b3442c925_firmwarec746_firmwarec2326c792_firmwarexs925cx421xm7163_firmwarems810de_firmwarems315x548_firmwaremb2338_firmwarec2326_firmwarecs727_firmwarem5270_firmwarec6160_firmwarexc8163_firmwarem1342c3224xs955_firmwarecx920_firmwarecx410xc4150_firmwaremx812c3326_firmwarem5170_firmwarexm5163mx810_firmwarexm7263cx625mx317_firmwarems725_firmwarecx317_firmwarems415cx825_firmwarecs796_firmwarecx310xm1135_firmwarecs431cs317_firmwarexs796_firmwarems821xm1246_firmwaremc2425mx718_firmwarecs820_firmwaremx722ms417mx622_firmwarec734_firmwarems817mx822ms825_firmwaremx710_firmwarexc2326m5255cs748m5255_firmwarems811x46x_firmwaremx912_firmwarec2132_firmwarexc2235_firmwarems911_firmwarexs748m3150demb2650c3326ms317cs331m5270cs521_firmwarems310_firmwarems517_firmwarecs410cx923_firmwarecx517w850_firmwarems421ms711mx811_firmwaremx517_firmwarem3150dn_firmwarecs622_firmwarems810demx826_firmwarem5163demx517x746_firmwarec4150_firmwarec748_firmwarexm1342_firmwarems811_firmwaremc2325cs927x86x_firmwarem5155_firmwarexm9165c950_firmwaremx6500exc4153_firmwarecx920mc3326xm7370_firmwarexs548_firmwarems517cs310ms431_firmwarecx820ms312_firmwaremx521m1140\+cs431_firmwarec2425_firmwarems321b2338_firmwarecs331_firmwarexs955xc2130m1242cx923m1242_firmwaremc2425_firmwarems312m5170cs439m1140ms710xs748_firmwarexc6152_firmwarem3150dncx522_firmwarec2535_firmwarems417_firmwarec9235_firmwarexc9225_firmwaremx431_firmwarex950m1342_firmwarex73xxm9145_firmwareb2442xm7155mx912xm5163_firmwarems812dex86xxc2235xc9255_firmwarems510c61606500exs798_firmwarems331_firmwarems521_firmwarecx922m3250_firmwarec925xc8163xm1342ms826xc2130_firmwarexm7263_firmwareb3340_firmwarecs728b3442_firmwarexc9265m5163dnxc9235mx911_firmwarecs439_firmwarexc9235_firmware6500e_firmwarecx625_firmwarexm9155x792mb3442_firmwarexm7170mb2546_firmwareb2442_firmwarems315_firmwarecs923_firmwaremb2338mc2325_firmwaremx511xs548cx317mx721_firmwarexc2326_firmwaremx511_firmwarems421_firmwarecs727ms622cx417_firmwaremx521_firmwaremc3426_firmwaremx417t65xn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-44734
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.30% / 92.07%
||
7 Day CHG~0.00%
Published-20 Jan, 2022 | 16:11
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-xc8155ms812de_firmwarem1145_firmwarex65xxm7370mc2640_firmwarex950_firmwaremc2535ms823mb3442cs517_firmwaremb2236_firmwareb2236_firmwarexm7170_firmwaremx826c746cs521xm9165_firmwaremx717_firmwarems415_firmwarexm3250_firmwarem5163dn_firmwarexc6153cs417cx510_firmwarexc9245_firmwaremx421_firmwaremx510xm1145cx922_firmwarecs827_firmwarecs827ms822mx6500e_firmwareb2546xm5365_firmwarems821_firmwareb3340xm5270m3150de_firmwarecs748_firmwarexc9255cs510xm1242x952_firmwaremb2650_firmwarex952ms826_firmwarem1246_firmwaremx722_firmwarecs923mx321c9235c736_firmwarexm3150_firmwaremx617xm7270_firmwaremx711_firmwarecx860mx822_firmwarecs421_firmwarecx421_firmwarecs517xs950cs720w850c2325_firmwarec734c2535mx711cs820mx410_firmwarec4150ms817_firmwaremc2535_firmwarec950mx310x954cs728_firmwarec2325ms812dnmx710xc4143c2240b2546_firmwaremx910_firmwarems822_firmwarec3426_firmwarecx921_firmwarexc8160c3224_firmwaremb2770x65x_firmwarexc4143_firmwarexm5270_firmwarex46xmx431xm3250xm9145cx517_firmwarecs510_firmwarems321_firmwarexc9225ms911b2865_firmwarecs421ms410_firmwaremx812_firmwaremx910xm5263mx510_firmwarexm5263_firmwarems317_firmwaremx522_firmwarecx727_firmwarecx924_firmwarexm7155_firmwaremx622mx317c792b2865mb2770_firmwaremx611mx410ms410ms331m1140_firmwaremb2442xc2132_firmwarexc4140_firmwarecx725ms818_firmwaremc3224_firmwarecx310_firmwarecs725_firmwarexs795cx820_firmwarec2425mb2546cs796xm5365xc2132x925xs925_firmwarems617_firmwarexm9155_firmwarexm1145_firmwarex73x_firmwarec2240_firmwarems622_firmwaremx717cx921ms617xm1135xm3150ms610dems710_firmwarems823_firmwaremx610_firmwarexm7270c3426cs310_firmwaree46xxm7355_firmwarems510_firmwarecs622xm7355m3250mx718ms621_firmwarems621x548mx417_firmwaremx522cx331_firmwarecx622_firmwarexm1140_firmwareb2338m5155mx811xc4150mx421b2650x748_firmwaremx810m5163de_firmwarecx860_firmwarem1145xs798ms725m1246ms818mc3224m1140\+_firmwarec736ms310mc3426mx310_firmwarems825mx617_firmwarecs921_firmwarec2132cx825x746cx924mx610t65x_firmwareb2236mx721x925_firmwarecx725_firmwarecx431xc9265_firmwarems431cx622cs317cs720_firmwaremx611_firmwarexm1242_firmwarems610de_firmwarecs725xm1140mx331_firmwarexc4240mx321_firmwarecs927_firmwarexm5170xm7163xm1246ms812dn_firmwarexs795_firmwarexc9245mx911cx510mb2442_firmwarexc6153_firmwarems521ms711_firmwarexs796mx331ms810dncx431_firmwarems810dn_firmwarec748e46x_firmwarex954_firmwarex748xc4153xs950_firmwarexc4240_firmwarecs417_firmwarecx410_firmwarexc6152cx331xc8160_firmwarecx727mc3326_firmwaremc2640cs410_firmwarecs921xm5170_firmwarex792_firmwarexc4140ms610dnmb2236xc8155_firmwareb2650_firmwarems610dn_firmwarecx522b3442c925_firmwarec746_firmwarec2326c792_firmwarexs925cx421xm7163_firmwarems810de_firmwarems315x548_firmwaremb2338_firmwarec2326_firmwarecs727_firmwarem5270_firmwarec6160_firmwarexc8163_firmwarem1342c3224xs955_firmwarecx920_firmwarecx410xc4150_firmwaremx812c3326_firmwarem5170_firmwarexm5163mx810_firmwarexm7263cx625mx317_firmwarems725_firmwarecx317_firmwarems415cx825_firmwarecs796_firmwarecx310xm1135_firmwarecs431cs317_firmwarexs796_firmwarems821xm1246_firmwaremc2425mx718_firmwarecs820_firmwaremx722ms417mx622_firmwarec734_firmwarems817mx822ms825_firmwaremx710_firmwarexc2326m5255cs748m5255_firmwarems811x46x_firmwaremx912_firmwarec2132_firmwarexc2235_firmwarems911_firmwarexs748m3150demb2650c3326ms317cs331m5270cs521_firmwarems310_firmwarems517_firmwarecs410cx923_firmwarecx517w850_firmwarems421ms711mx811_firmwaremx517_firmwarem3150dn_firmwarecs622_firmwarems810demx826_firmwarem5163demx517x746_firmwarec4150_firmwarec748_firmwarexm1342_firmwarems811_firmwaremc2325cs927x86x_firmwarem5155_firmwarexm9165c950_firmwaremx6500exc4153_firmwarecx920mc3326xm7370_firmwarexs548_firmwarems517cs310ms431_firmwarecx820ms312_firmwaremx521m1140\+cs431_firmwarec2425_firmwarems321b2338_firmwarecs331_firmwarexs955xc2130m1242cx923m1242_firmwaremc2425_firmwarems312m5170cs439m1140ms710xs748_firmwarexc6152_firmwarem3150dncx522_firmwarec2535_firmwarems417_firmwarec9235_firmwarexc9225_firmwaremx431_firmwarex950m1342_firmwarex73xxm9145_firmwareb2442xm7155mx912xm5163_firmwarems812dex86xxc2235xc9255_firmwarems510c61606500exs798_firmwarems331_firmwarems521_firmwarecx922m3250_firmwarec925xc8163xm1342ms826xc2130_firmwarexm7263_firmwareb3340_firmwarecs728b3442_firmwarexc9265m5163dnxc9235mx911_firmwarecs439_firmwarexc9235_firmware6500e_firmwarecx625_firmwarexm9155x792mb3442_firmwarexm7170mb2546_firmwareb2442_firmwarems315_firmwarecs923_firmwaremb2338mc2325_firmwaremx511xs548cx317mx721_firmwarexc2326_firmwaremx511_firmwarems421_firmwarecs727ms622cx417_firmwaremx521_firmwaremc3426_firmwaremx417t65xn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-29850
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.73% / 72.18%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 23:11
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-xm1242_firmwaremx331_firmwarexc4240xc8155cs725mx321_firmwarexm7370mc2640_firmwarecs927_firmwarexm1246xc9245mc2535mb2442_firmwarexc6153_firmwarems823mb3442ms521mb2236_firmwareb2236_firmwaremx826cs521mx331cx431_firmwarexm3250_firmwarexc6153xc4153xc9245_firmwaremx421_firmwarexc4240_firmwarexc6152cx331xc8160_firmwarecx922_firmwarecs827_firmwarecs827cx727mc3326_firmwarems822mc2640b2546cs921xm5365_firmwarexc4140mb2236b3340b2650_firmwareb3442ms821_firmwarecx522xc8155_firmwarexc9255xm1242c2326cx421mb2650_firmwarec2326_firmwarems826_firmwarem5270_firmwarecs727_firmwarem1246_firmwaremx722_firmwarem1342c3224mx321xc8163_firmwarec6160_firmwarecs923c9235cx920_firmwarecx860c3326_firmwaremx822_firmwarexc4150_firmwarecx625ms725_firmwarecs421_firmwarecx421_firmwarecs720c2325_firmwarecx825_firmwarec2535cs820cs431c4150mc2535_firmwarexm1246_firmwarems821mc2425cs728_firmwarec2325cs820_firmwaremx622_firmwaremx722ms825_firmwaremx822xc4143c2240b2546_firmwarems822_firmwarem5255c3426_firmwarexc2326xc8160c3224_firmwarem5255_firmwaremb2770xc4143_firmwarecx921_firmwarexc2235_firmwaremx431mb2650xm3250cs331m5270c3326cs521_firmwarems321_firmwarexc9225cx923_firmwareb2865_firmwarecs421ms421mx522_firmwarecs622_firmwarecx727_firmwarecx924_firmwaremx622b2865mx826_firmwaremb2770_firmwarec4150_firmwarems331mb2442xm1342_firmwaremc2325xc4140_firmwarecx725cs927mc3224_firmwarexc4153_firmwarecx920cs725_firmwaremc3326xm7370_firmwarec2425cx820_firmwaremb2546ms431_firmwarexm5365cx820mx521cs431_firmwarems321c2425_firmwarec2240_firmwareb2338_firmwarecs331_firmwarems622_firmwarem1242cx923cx921m1242_firmwaremc2425_firmwarecs439ms823_firmwarec3426xc6152_firmwarecx522_firmwarexm7355_firmwarec2535_firmwarecs622c9235_firmwarexm7355m3250xc9225_firmwaremx431_firmwarems621_firmwarems621m1342_firmwaremx522b2442cx331_firmwarecx622_firmwareb2338xc4150mx421cs720_firmwareb2650xc2235xc9255_firmwarec6160cx922m3250_firmwarems331_firmwarems521_firmwarecx860_firmwarexm1342ms826xc8163b3340_firmwarecs728b3442_firmwarems725xc9265xc9235cs439_firmwarexc9235_firmwarem1246mc3224cx625_firmwaremb3442_firmwaremc3426mb2546_firmwarems825b2442_firmwarecs921_firmwarecx825cs923_firmwarecx924b2236mc2325_firmwaremx721mx721_firmwarecx725_firmwarecx431xc2326_firmwarecs727ms421_firmwarems431ms622xc9265_firmwarecx622mx521_firmwaremc3426_firmwaren/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CWE ID-CWE-20
Improper Input Validation
CVE-2010-0101
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.49% / 65.11%
||
7 Day CHG~0.00%
Published-04 May, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause a denial of service (operating system halt) via a malformed HTTP Authorization header.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-e120n8130x544c546c935dne460e33xx546x642x26xx36xx46xt430w850c77xn70xxet652t650x20xx644x73xc53xc540e34xx782ee360dt654e260c78xn8120c52xn4050ex34xe23xx86xe450x85xw840e250x543x422c544x64xefx65xx772ee240nc510e240e360dne238x646n4000c54325xxnx94xt656e350e462c73xc920t64xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-50737
Matching Score-6
Assigner-Lexmark International Inc.
ShareView Details
Matching Score-6
Assigner-Lexmark International Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.09% / 24.93%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 02:38
Updated-23 Aug, 2024 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
An input validation vulnerability in the SE Menu allows an attacker to execute arbitrary code.

The SE menu contains information used by Lexmark to diagnose device errors. A vulnerability in one of the SE menu routines can be leveraged by an attacker to execute arbitrary code.

Action-Not Available
Vendor-Lexmark International, Inc.
Product-variouscs410mslsg_firmwarems911mxtgm_firmwaremx910ms711cx510cxtat_firmwarecxtgv_firmwarec792c746ms810demsnsn_firmwarecxtmm_firmwarecstpc_firmwaremx410cslbn_firmwarecxlbl_firmwarec748cstzj_firmwaremx6500ecxnzj_firmwarecsngv_firmwaremxtsn_firmwarecxtpc_firmwarecstat_firmwarecs310x925ms610dncslbl_firmwarecstgv_firmwarecs510msngm_firmwarems610dems315msngw_firmwarecxtzj_firmwaremxtpm_firmwarex950x548mstgw_firmwarecx410mxtct_firmwarecxlbn_firmwarems812demslbd_firmwaremxlbd_firmware6500emxtgw_firmwarec925cstpp_firmwarecx310cstmh_firmwaremxngm_firmwarecsnzj_firmwarecxtmh_firmwaremxlsg_firmwarec950mx310mstgm_firmwarex792mx710ms310cxtpp_firmwarex746mx610mstsn_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2023-26068
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-77.71% / 98.97%
||
7 Day CHG~0.00%
Published-10 Apr, 2023 | 00:00
Updated-05 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-mc3326b2650ms725c2535cs720mxtgw_firmwaremx722mslsg_firmwarem1242cx522cx930cxlbl_firmwarexc9335xm1342cs728mx521mx725cs820mx431cslbl_firmwarems621xm7355cxtmm_firmwaremb2650cx625mx522xc9465m5255b2546cx86cx942c4150xc8155mx721c3224cx730mxtpm_firmwarecx827mc3224msngw_firmwaremx331cs923cs927xm1246mslbd_firmwarecx943ms521xc2326cxtpc_firmwaremb2338cs727cxtat_firmwareb2338c2425mc2640xm1242xm7370xc9325cxnzj_firmwarexc9445ms622ms421cs421xc4240b2865csnzj_firmwarexm5365cx820xc8163mb2236xc6152cx944mc2535cs725xm3142mb3442mb2442xc4150mx822mxlbd_firmwarec3426xm3250c3326m1246ms321cx725ms821mstgw_firmwarecxtpp_firmwarecx431c2325xc8160cxlbn_firmwarecx727cx825ms822cs943cxtzj_firmwaremx622mc2325ms439mx421cs827xc4143cstmh_firmwaremx826ms331cx622ms431cstpc_firmwaremx432m3250xc4352mx321mb2770xc4153c6160cs921cs331b2236mxlsg_firmwareb3442cs439b3340cx931msngm_firmwarexc9455c2326cx421mx931mxtgm_firmwaremc2425m5270mc3426xc4140xc6153xm5370cs521xc2235ms823mxtct_firmwarecx735mxngm_firmwaremb2546b2442ms826cs431cslbn_firmwarems825m1342xc4342cstat_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-26067
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-92.17% / 99.70%
||
7 Day CHG~0.00%
Published-10 Apr, 2023 | 00:00
Updated-11 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-mx521cx923mx622b2650mxlsg_firmwaremxngm_firmwarecx421m1242mc3224mx431ms822cx920b2338b3340xc4150c2325xc2235cs921mxtgw_firmwarexc9455mb3442cs820cx735xc9225cx820c3426m1246cx86xc9465cx827ms821xc6152mb2546xc4153xm3142csnzj_firmwarems431xc4352xm5365cslbl_firmwaremxtpm_firmwarecx522cx921mx725cstat_firmwarem5255cs331b2865xc8155c4150cx931mxtgm_firmwarems321xm7370mxtct_firmwarems421cstpc_firmwarecslbn_firmwareb2236c6160cs720mc2640cx730b2546c2326cx942m1342m5270b2442cxlbn_firmwaremx522cx825xc4143mslbd_firmwaremc3326cs421xc6153ms331mx931xm1242xc8163cx431c2535cx924mx421cs439xc9265cxlbl_firmwarecxtat_firmwarexc9235c2425xc9325cxtpp_firmwarexc9255xc4240c3326xc4140cs728cxnzj_firmwaremb2650cx944cx930xc4342mxlbd_firmwaremsngm_firmwarecx622cx922cxtpc_firmwarexm7355mc3426cs923b3442cs827xc9245c923mx321xc9445cx727xm5370xc8160mx826mx721cs725mb2236cs431ms621mstgw_firmwaremc2325ms823ms725ms622cs521xc9335cxtzj_firmwarecx943mb2770mx822mslsg_firmwaremsngw_firmwarec3224mb2442m3250xm3250cs927ms521mc2535cs727cx725xm1246cs943ms439xc2326mx722mb2338cxtmm_firmwaremx331ms826mx432cstmh_firmwarexm1342mc2425cx625ms825n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-23560
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.52%
||
7 Day CHG~0.00%
Published-23 Jan, 2023 | 00:00
Updated-02 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-xm7355_firmwarexc8163_firmwaremx321cx431_firmwaremx521_firmwarems823_firmwarecx923_firmwarecx860b2442_firmwaremx822mb2546ms826_firmwareb2442ms521_firmwarexm3142cs927xc6152_firmwaremx721ms826cx920mc2425m1242_firmwarec2326_firmwarexc4153_firmwarexc9335_firmwarems821ms822xc4342ms821_firmwaremx822_firmwarec2325xc4150_firmwarexm1246_firmwarecx923mx721_firmwarexm7355b2865cx622c4150_firmwarexc4240mc2640_firmwarecx820_firmwareb3340_firmwarecs439cx421_firmwaremx722xm1242_firmwaremx421mx722_firmwarecx924xc2235_firmwaremb2770xm3250_firmwarexc9445mx431xc9265_firmwaremx432_firmwarec2535_firmwaremx622c9235mc3326_firmwarexm7370cs331cx522_firmwaremc3224mx826cx860_firmwarexm7370_firmwarems622_firmwarecx725_firmwaremx421_firmwarecx825_firmwarexc8155c2326mc2535mc2325_firmwaremb2236xc2326cs827m1342mx321_firmwarecs421_firmwarexc8160cx924_firmwarecs921_firmwaremc3224_firmwarexc2235cs521mx522_firmwarexm1246mb2236_firmwarecx727ms321_firmwareb2236_firmwarems621xc4140c3326b2650xm3142_firmwarexc9455_firmwarecx727_firmwarecs820_firmwarexc4143ms825mb2650_firmwarecx944_firmwarexc9445_firmwarems825_firmwarexc9235_firmwarexc9255_firmwarexc8155_firmwareb3340mx931_firmwarems431xc9245_firmwarecx421b2236ms321cs725xc4352xc9255cs725_firmwarems331_firmwarems431_firmwarecx820cs728_firmwarexc9245xc8160_firmwarecx825xc6153_firmwarems823mc2535_firmwarecs923_firmwaremb3442cs622cx622_firmwarecx431b2650_firmwaremx826_firmwarecx921_firmwarec3326_firmwarexc4140_firmwaremc3426_firmwarecs727_firmwarems622xm3250cx922mx521cx725xc4153c6160_firmwaremb2442mx931xm1342_firmwarexc4352_firmwaremb2650c2240_firmwarecx522xc6152xc9335xc9465mb3442_firmwarexc4150b3442m5255_firmwarecs927_firmwarexm5365mx331xm1342b2865_firmwareb2338cx625_firmwarem5255mb2338_firmwarecs720cx921cs827_firmwarexc4240_firmwarecs521_firmwarec6160cs431_firmwarexc9455xm5365_firmwarec2425xc6153c3426cs923m3250_firmwaremx622_firmwarem3250cs431m1342_firmwarexc9465_firmwarec2425_firmwarem5270_firmwarecs439_firmwarems822_firmwarecx944ms725xc8163mc2325b2546ms331m1246_firmwarecx922_firmwaremx331_firmwarexc9235xm1242mb2442_firmwarecs820ms621_firmwarecs728cs421cs622_firmwarec9235_firmwaremb2546_firmwaremc2640cx331xc9225c3224_firmwarem5270mx432b3442_firmwaremx522cs331_firmwarecx331_firmwaremc2425_firmwarecx625c2240cx920_firmwaremc3326mx431_firmwarems421xc9265cs921c3224cs727ms725_firmwarems421_firmwaremb2770_firmwaremc3426m1246xc4143_firmwarec2535b2338_firmwaremb2338xc2326_firmwarexc9225_firmwarec2325_firmwarexc4342_firmwarem1242cs720_firmwareb2546_firmwarec4150ms521c3426_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-26069
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 53.94%
||
7 Day CHG~0.00%
Published-10 Apr, 2023 | 00:00
Updated-11 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4).

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-mx521mx622b2650mxlsg_firmwaremxngm_firmwarecx421m1242mc3224mx431ms822b2338b3340xc4150c2325xc2235cs921mxtgw_firmwarexc9455mb3442cs820cx735cx820c3426m1246cx86xc9465cx827ms821xc6152mb2546xc4153xm3142csnzj_firmwarems431xc4352xm5365cslbl_firmwaremxtpm_firmwarecx522mx725cstat_firmwarem5255cs331b2865xc8155c4150cx931mxtgm_firmwarems321xm7370mxtct_firmwarems421cstpc_firmwarecslbn_firmwareb2236c6160cs720mc2640cx730b2546c2326cx942m1342m5270b2442cxlbn_firmwaremx522cx825xc4143mslbd_firmwaremc3326cs421xc6153ms331mx931xm1242xc8163cx431c2535mx421cs439cxlbl_firmwarecxtat_firmwarec2425xc9325cxtpp_firmwarexc4240c3326xc4140cs728cxnzj_firmwaremb2650cx944cx930xc4342mxlbd_firmwaremsngm_firmwarecx622cxtpc_firmwarexm7355mc3426cs923b3442cs827mx321xc9445cx727xm5370xc8160mx826mx721cs725mb2236cs431ms621mstgw_firmwaremc2325ms823ms725ms622cs521xc9335cxtzj_firmwarecx943mb2770mx822mslsg_firmwaremsngw_firmwarec3224mb2442m3250xm3250cs927ms521mc2535cs727cx725xm1246cs943ms439xc2326mx722mb2338cxtmm_firmwaremx331ms826mx432cstmh_firmwarexm1342mc2425cx625ms825n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2023-26070
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 48.50%
||
7 Day CHG~0.00%
Published-10 Apr, 2023 | 00:00
Updated-11 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4).

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-mx521mx611x746mx622b2650mxlsg_firmwaremxngm_firmwarecx421m1242mc3224mx431ms822ms818b2338b3340xm9155c2325xc2235x748x46xx86xms811mxtgw_firmwarecx517xc9455mb3442xs795cx735c2132t65xc3426ms911m1246ms711xs955xc9465ms821mb2546c746xm3142csnzj_firmwarems431xc4352xm5365xm7170c736cslbl_firmwarexm9165mx717xm5163mxtpm_firmwarecx522x950cx510mx725mx811lr_firmwarex954c950m5255w850cs331b2865cx931mx617mc232mxtgm_firmwarems321xm7370xm7263xm7270cx417xs798mxtct_firmwarex952c734xs796ms421cs417cstpc_firmwarecslbn_firmwareb2236cstzj_firmwaremc2640cx730b2546c2326cx942m1342m5270b2442cxlbn_firmwaremx522mx810cs622mslbd_firmwarem5163dnmc3326cs421ms331mx931ms810dexm1242ms710xs950cx431c2535xc2132xm7155ms812decs4106500exm3150mx421ms817cs439cxlbl_firmwaremx610mx812c2425xc9325xc4240c3326m5163decs796lw80_firmwarem5170x792mx910cs517xm5170mb2650cx317cx944cx930xc4342mxlbd_firmwarecx310x548msngm_firmwarecx622mx6500exm5270cs310c748cxtpc_firmwarexc2130xm7355mc3426b3442mx321xc9445xm9145m5155mx912xm5370xs748mx826mx721cs510mb2236cs431mx711ms621mstgw_firmwarems823x65xms725ms622cx410cs521xc9335cs317mx911mx710cs748ms810dncxtzj_firmwarecx943mb2770mx822mx718lp_firmwarex73xmslsg_firmwaremsngw_firmwarexm7163x925c3224xs925ms812dnmb2442m3250xm3250xs548ms521mc2535c792e46xxm1246cs943ms439xm5263xc2326mx722mb2338cxtmm_firmwaremx331ms826mx432c925c2240xm1342mc2425lhs60_firmwarecx625ms825n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5589
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.38% / 93.06%
||
7 Day CHG~0.00%
Published-16 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-6826
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.38% / 90.81%
||
7 Day CHG~0.00%
Published-08 Jun, 2009 | 19:00
Updated-07 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter, as demonstrated using the (1) advert_top.htm or (2) advert_login.htm pages.

Action-Not Available
Vendor-mhfmedian/a
Product-ads_pron/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5568
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-31.84% / 96.69%
||
7 Day CHG~0.00%
Published-22 Sep, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xandroidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5780
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-10||HIGH
EPSS-0.63% / 69.80%
||
7 Day CHG~0.00%
Published-09 Oct, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0258
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.39% / 87.14%
||
7 Day CHG~0.00%
Published-22 Jan, 2009 | 23:00
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.

Action-Not Available
Vendor-n/aTYPO3 Association
Product-typo3n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0137
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.51% / 66.05%
||
7 Day CHG~0.00%
Published-13 Feb, 2009 | 00:00
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues."

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-windows_vistasafariwindows_xpmac_os_xmac_os_x_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5963
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.09% / 90.58%
||
7 Day CHG~0.00%
Published-23 Jan, 2009 | 18:38
Updated-07 Aug, 2024 | 11:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter.

Action-Not Available
Vendor-gravity-gtdn/a
Product-gravity-gtdn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5810
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.70% / 87.70%
||
7 Day CHG~0.00%
Published-02 Jan, 2009 | 18:00
Updated-07 Aug, 2024 | 11:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs.

Action-Not Available
Vendor-fujitsu-siemensn/a
Product-webtransactionsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-6556
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.19% / 84.06%
||
7 Day CHG~0.00%
Published-30 Mar, 2009 | 20:00
Updated-07 Aug, 2024 | 11:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the whois command.

Action-Not Available
Vendor-puppet_mastern/a
Product-webutiln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-3111
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-13.36% / 94.02%
||
7 Day CHG~0.00%
Published-09 Jul, 2008 | 23:00
Updated-07 Aug, 2024 | 09:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjresdkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4910
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.31% / 88.64%
||
7 Day CHG~0.00%
Published-04 Nov, 2008 | 01:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-java_web_startn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5220
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.53% / 90.06%
||
7 Day CHG~0.00%
Published-25 Nov, 2008 | 18:09
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/.

Action-Not Available
Vendor-wportfolion/a
Product-wportfolion/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4770
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.82% / 90.33%
||
7 Day CHG~0.00%
Published-16 Jan, 2009 | 21:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type."

Action-Not Available
Vendor-realvncn/a
Product-realvncn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4641
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.02% / 83.47%
||
7 Day CHG~0.00%
Published-21 Oct, 2008 | 16:00
Updated-07 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.

Action-Not Available
Vendor-sentexn/a
Product-jheadn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4559
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.97% / 88.14%
||
7 Day CHG~0.00%
Published-08 Feb, 2009 | 21:00
Updated-17 Sep, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4404
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.53% / 81.02%
||
7 Day CHG~0.00%
Published-03 Oct, 2008 | 15:00
Updated-17 Sep, 2024 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476.

Action-Not Available
Vendor-n/aIBM Corporation
Product-zseriesn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4283
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.50% / 65.44%
||
7 Day CHG~0.00%
Published-10 Feb, 2009 | 22:13
Updated-07 Aug, 2024 | 10:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3306
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-5.08% / 89.59%
||
7 Day CHG~0.00%
Published-18 Jul, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925 Wireless Residential Gateway products allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCup40808.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-epc3925dpc3010dpc3825epc3212epc3825dpc3212epc3010dpc3925dpq3925n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4329
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.78% / 87.80%
||
7 Day CHG~0.00%
Published-30 Sep, 2008 | 17:00
Updated-07 Aug, 2024 | 10:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in cms/system/openengine.php in openEngine 2.0 beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter.

Action-Not Available
Vendor-openenginen/a
Product-openenginen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4509
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-14.00% / 94.18%
||
7 Day CHG~0.00%
Published-09 Oct, 2008 | 16:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted file upload vulnerability in processFiles.php in FOSS Gallery Admin and FOSS Gallery Public 1.0 beta allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the root directory.

Action-Not Available
Vendor-foss_galleryn/a
Product-foss_galleryn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4428
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-7.18% / 91.40%
||
7 Day CHG~0.00%
Published-03 Oct, 2008 | 22:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in the top-level directory.

Action-Not Available
Vendor-phlatlinen/a
Product-personal_information_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-0701
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-1.07% / 77.37%
||
7 Day CHG~0.00%
Published-07 May, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_computing_system_central_softwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-1132
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-10||HIGH
EPSS-1.10% / 77.67%
||
7 Day CHG~0.00%
Published-10 Apr, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-0301
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-7.40% / 91.55%
||
7 Day CHG~0.00%
Published-13 Jan, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 do not properly validate files, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-flash_playeradobe_airlinux_kerneladobe_air_sdk_and_compileradobe_air_sdkwindowsmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-0574
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 48.19%
||
7 Day CHG~0.00%
Published-18 Aug, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidSnapdragon Mobile, Snapdragon Wear
CWE ID-CWE-20
Improper Input Validation
CVE-2014-9971
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 48.19%
||
7 Day CHG~0.00%
Published-18 Aug, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidSnapdragon Mobile
CWE ID-CWE-20
Improper Input Validation
CVE-2008-3479
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-69.09% / 98.59%
||
7 Day CHG~0.00%
Published-15 Oct, 2008 | 00:00
Updated-07 Aug, 2024 | 09:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2000n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-3362
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.34% / 90.77%
||
7 Day CHG~0.00%
Published-30 Jul, 2008 | 16:03
Updated-07 Aug, 2024 | 09:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter, then accessing it via a direct request to the file in wp-content/plugins/downloads-manager/upload/.

Action-Not Available
Vendor-giulio_gancin/aWordPress.org
Product-wp_downloads_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-8873
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-7.64% / 91.69%
||
7 Day CHG~0.00%
Published-09 Nov, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 includes a MIME type registration that is added to /etc/mailcap by mime-support, which allows remote attackers to execute arbitrary code via a JAR file.

Action-Not Available
Vendor-n/aOracle Corporation
Product-openjdkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-8824
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-10||HIGH
EPSS-0.98% / 76.43%
||
7 Day CHG~0.00%
Published-30 Jan, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-8836
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-10||HIGH
EPSS-1.20% / 78.59%
||
7 Day CHG~0.00%
Published-30 Jan, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-2157
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-85.00% / 99.32%
||
7 Day CHG~0.00%
Published-29 May, 2008 | 16:00
Updated-07 Aug, 2024 | 08:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows allows remote attackers to execute arbitrary commands via an unspecified string field in a packet to TCP port 3500.

Action-Not Available
Vendor-emc_corporationn/a
Product-alphastorn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-32534
Matching Score-4
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-4
Assigner-Robert Bosch GmbH
CVSS Score-8.8||HIGH
EPSS-2.83% / 85.89%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 13:55
Updated-03 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection

The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be vulnerable to command injection through its diagnostics web interface. This allows execution of shell commands.

Action-Not Available
Vendor-Robert Bosch GmbH
Product-pra-es8p2spra-es8p2s_firmwarePRA-ES8P2S
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 7
  • 8
  • Next
Details not found