| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unspecified vulnerability in the Lexmark Printer Sharing LexBce Server Service (LexPPS), possibly 8.29 and 9.41, allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based on a vague initial disclosure; details will be updated after the grace period has ended. |
| The HTTP server in Lexmark T522 and possibly other models allows remote attackers to cause a denial of service (server crash, reload, or hang) via an HTTP header with a long Host field, possibly triggering a buffer overflow. |
| Multiple buffer overflows in Lexmark MarkVision printer driver programs allows local users to gain privileges via long arguments to the cat_network, cat_paraller, and cat_serial commands. |
| Lexmark X1185 printer allows local users to gain SYSTEM privileges by navigating to the "Appearance" dialog and selecting the "Additional styles (skins) are available on the Lexmark web site" option, which launches a web browser that is running with SYSTEM privileges. |
| A Server-Side Request Forgery (SSRF) vulnerability has been identified in the embedded web server in various Lexmark devices. This vulnerability can be leveraged by an attacker to force the device to send an arbitrary HTTP request to a third-party server. Successful exploitation of this vulnerability can lead to internal network access / potential data disclosure from a device. |
| The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem. |
| A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user. |
| A relative path traversal vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user. |
| A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. |
| An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code. |
| An out-of-bounds read vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user. |
| A heap-based buffer overflow vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user. |
| A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to
override this downgrade protection has been identified. |
| A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization |
| A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client. |
| Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows attacker to disclose sensitive information to an arbitrary URL. |
| Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4). |
| An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to the stack. A maliciously crafted PDF file can be used to trigger this vulnerability. |
| An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause a code execution. An attacker can send a malformed file to trigger this vulnerability. |
| An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400 |
