Xerox CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (111 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2018-20768	1 Xerox	58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more	2024-11-21	N/A
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file.
CVE-2018-20767	1 Xerox	58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more	2024-11-21	N/A
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is authenticated remote command execution.
CVE-2018-17172	1 Xerox	20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more	2024-11-21	N/A
The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection.
CVE-2018-15530	1 Xerox	2 Colorqube 8580, Colorqube 8580 Firmware	2024-11-21	N/A
Cross-site scripting (XSS) in the web interface of the Xerox ColorQube 8580 allows remote persistent injection of custom HTML / JavaScript code.
CVE-2016-11061	1 Xerox	50 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 47 more	2024-11-21	9.8 Critical
Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.
CVE-2013-6362	1 Xerox	24 Colorqube 9201, Colorqube 9201 Firmware, Colorqube 9202 and 21 more	2024-11-21	9.8 Critical
Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts.
CVE-2024-47559	1 Xerox	1 Freeflow Core	2024-10-16	7.6 High
Authenticated RCE via Path Traversal
CVE-2024-47558	1 Xerox	1 Freeflow Core	2024-10-16	7.6 High
Authenticated RCE via Path Traversal
CVE-2024-47556	1 Xerox	1 Freeflow Core	2024-10-16	8.3 High
Pre-Auth RCE via Path Traversal
CVE-2024-47557	1 Xerox	1 Freeflow Core	2024-10-16	8.3 High
Pre-Auth RCE via Path Traversal
CVE-2024-47555	1 Xerox	1 Freeflow Core	2024-10-10	8.3 High
Missing Authentication - User & System Configuration

« first previous Page 6 of 6.