ReportizFlow
Filtered by vendor Lexmark
Subscriptions
Total
72 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4046 | 1 Lexmark | 1 Cloud Services | 2025-08-21 | 8.5 High |
| A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization | ||||
| CVE-2025-4044 | 2 Lexmark, Microsoft | 2 Universal Print Driver, Windows | 2025-08-21 | 8.2 High |
| Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows attacker to disclose sensitive information to an arbitrary URL. | ||||
| CVE-2023-50739 | 1 Lexmark | 1 Printer Firmware | 2025-07-13 | 8.8 High |
| A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. | ||||
| CVE-2023-50738 | 1 Lexmark | 1 Printer Firmware | 2025-07-13 | 4.3 Medium |
| A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified. | ||||
| CVE-2025-1126 | 1 Lexmark | 1 Lexmark | 2025-06-16 | 9.3 Critical |
| A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client. | ||||
| CVE-2025-1127 | 1 Lexmark | 1 Lexmark | 2025-06-16 | 9.1 Critical |
| The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem. | ||||
| CVE-2023-26068 | 1 Lexmark | 152 B2236, B2338, B2442 and 149 more | 2025-05-05 | 9.8 Critical |
| Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4). | ||||
| CVE-2017-2806 | 1 Lexmark | 1 Perceptive Document Filters | 2025-04-20 | N/A |
| An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400 | ||||
| CVE-2017-2821 | 1 Lexmark | 1 Perceptive Document Filters | 2025-04-20 | N/A |
| An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution. | ||||
| CVE-2016-5646 | 1 Lexmark | 1 Perceptive Document Filters | 2025-04-20 | N/A |
| An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause a code execution. An attacker can send a malformed file to trigger this vulnerability. | ||||
| CVE-2016-4336 | 1 Lexmark | 1 Perceptive Document Filters | 2025-04-20 | N/A |
| An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted Bzip2 document can lead to a stack-based buffer overflow causing an out-of-bounds write which under the right circumstance could potentially be leveraged by an attacker to gain arbitrary code execution. | ||||
| CVE-2017-2822 | 1 Lexmark | 1 Perceptive Document Filters | 2025-04-20 | N/A |
| An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to the stack. A maliciously crafted PDF file can be used to trigger this vulnerability. | ||||
| CVE-2017-13771 | 1 Lexmark | 1 Scan To Network | 2025-04-20 | N/A |
| Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet. | ||||
| CVE-2016-4335 | 1 Lexmark | 1 Perceptive Document Filters | 2025-04-20 | N/A |
| An exploitable buffer overflow exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a stack based buffer overflow resulting in remote code execution. | ||||
| CVE-2016-1896 | 1 Lexmark | 28 C4150, C6160, Cs720de and 25 more | 2025-04-12 | N/A |
| Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status. | ||||
| CVE-2016-3145 | 1 Lexmark | 28 C4150, C6160, Cs720de and 25 more | 2025-04-12 | N/A |
| Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory. | ||||
| CVE-2014-9375 | 1 Lexmark | 1 Markvision Enterprise | 2025-04-12 | N/A |
| Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive. | ||||
| CVE-2013-3055 | 1 Lexmark | 1 Markvision | 2025-04-11 | N/A |
| Lexmark Markvision Enterprise before 1.8 provides a diagnostic interface on TCP port 9789, which allows remote attackers to execute arbitrary code, change the configuration, or obtain sensitive fleet-management information via unspecified vectors. | ||||
| CVE-2010-0101 | 1 Lexmark | 61 25xxn, C510, C52x and 58 more | 2025-04-11 | N/A |
| The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause a denial of service (operating system halt) via a malformed HTTP Authorization header. | ||||
| CVE-2010-0618 | 1 Lexmark | 1 Z2420 | 2025-04-11 | N/A |
| The flood-protection feature in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser and inkjet printers and MarkNet devices allows remote attackers to cause a denial of service (TCP outage) by making many passive FTP connections and then aborting these connections. | ||||