Filtered by vendor Ricoh
Subscriptions
Total
44 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-14301 | 1 Ricoh | 104 M 2700, M 2700 Firmware, M 2701 and 101 more | 2024-11-21 | 7.5 High |
Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2). | ||||
CVE-2019-14300 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2024-11-21 | N/A |
Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. | ||||
CVE-2019-14299 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2024-11-21 | 9.8 Critical |
Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force. | ||||
CVE-2019-11845 | 1 Ricoh | 2 Sp 4510dn, Sp 4510dn Firmware | 2024-11-21 | N/A |
An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. | ||||
CVE-2019-11844 | 1 Ricoh | 2 Sp 4520dn, Sp 4520dn Firmware | 2024-11-21 | N/A |
An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter. | ||||
CVE-2018-18006 | 1 Ricoh | 1 Myprint | 2024-11-21 | N/A |
Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files. | ||||
CVE-2018-17316 | 1 Ricoh | 2 Mp C6003, Mp C6003 Firmware | 2024-11-21 | N/A |
On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | ||||
CVE-2018-17315 | 1 Ricoh | 2 Mp C2003, Mp C2003sp Firmware | 2024-11-21 | N/A |
On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | ||||
CVE-2018-17314 | 1 Ricoh | 2 Mp 305\+, Mp 305\+ Firmware | 2024-11-21 | N/A |
On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | ||||
CVE-2018-17313 | 1 Ricoh | 2 Mp C307, Mp C307 Firmware | 2024-11-21 | N/A |
On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | ||||
CVE-2018-17312 | 1 Ricoh | 2 Aficio Mp 301spf, Aficio Mp 301spf Firmware | 2024-11-21 | N/A |
On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | ||||
CVE-2018-17311 | 1 Ricoh | 2 Mp C6503, Mp C6503 Firmware | 2024-11-21 | N/A |
On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | ||||
CVE-2018-17310 | 1 Ricoh | 2 Mp C1803 Jpn, Mp C1803 Jpn Firmware | 2024-11-21 | N/A |
On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | ||||
CVE-2018-17309 | 1 Ricoh | 2 Mp C406z, Mp C406zspf Firmware | 2024-11-21 | N/A |
On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | ||||
CVE-2018-17002 | 1 Ricoh | 2 Mp 2001sp, Mp 2001sp Firmware | 2024-11-21 | N/A |
On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | ||||
CVE-2018-17001 | 1 Ricoh | 2 Sp 4510sf, Sp 4510sf Firmware | 2024-11-21 | N/A |
On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | ||||
CVE-2018-16188 | 1 Ricoh | 16 D2200, D2200 Firmware, D5500 and 13 more | 2024-11-21 | N/A |
SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2018-16187 | 1 Ricoh | 16 D2200, D2200 Firmware, D5500 and 13 more | 2024-11-21 | N/A |
The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) does not verify its server certificates, which allows man-in-the-middle attackers to eversdrop on encrypted communication. | ||||
CVE-2018-16186 | 1 Ricoh | 16 D2200, D2200 Firmware, D5500 and 13 more | 2024-11-21 | N/A |
RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard-coded credentials, which may allow an attacker on the same network segments to login to the administrators settings screen and change the configuration. | ||||
CVE-2018-16185 | 1 Ricoh | 16 D2200, D2200 Firmware, D5500 and 13 more | 2024-11-21 | N/A |
RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program. |