Lexmark 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting、vendor risk memory corruption、vendor risk csrf, and vendor risk xxe があり、vendor surface production workloads の利用場面で ファイル上書き、vendor impact unexpected behavior, and vendor impact session compromise などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-40239 | Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability. | [email protected] | 7.5 | 0.27% | 2023-09-01 | 2024-11-21 |
| CVE-2023-26070 | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4). | [email protected] | 9.8 | 0.40% | 2023-04-10 | 2025-02-11 |
| CVE-2023-26069 | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4). | [email protected] | 9.8 | 0.57% | 2023-04-10 | 2025-02-11 |
| CVE-2023-26068 | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4). | [email protected] | 9.8 | 81.34% | 2023-04-10 | 2025-05-05 |
| CVE-2023-26067 | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4). | [email protected] | 8.1 | 93.00% | 2023-04-10 | 2025-02-11 |
| CVE-2023-26066 | Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index. | [email protected] | 9.8 | 0.49% | 2023-04-10 | 2025-02-11 |
| CVE-2023-26065 | Certain Lexmark devices through 2023-02-19 have an Integer Overflow. | [email protected] | 9.8 | 0.67% | 2023-04-10 | 2025-02-11 |
| CVE-2023-26064 | Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write. | [email protected] | 9.8 | 0.67% | 2023-04-10 | 2025-02-11 |
| CVE-2023-26063 | Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type. | [email protected] | 9.8 | 0.78% | 2023-04-10 | 2025-02-11 |
| CVE-2023-23560 | In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation. | [email protected] | 9.8 | 1.54% | 2023-01-23 | 2025-04-02 |
| CVE-2023-22960 | Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency. | [email protected] | 7.5 | 35.52% | 2023-01-23 | 2025-04-02 |
| CVE-2022-29850 | Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots. | [email protected] | 8.1 | 0.68% | 2022-08-26 | 2024-11-21 |
| CVE-2022-24935 | Lexmark products through 2022-02-10 have Incorrect Access Control. | [email protected] | 7.5 | 0.26% | 2022-04-28 | 2024-11-21 |
| CVE-2021-44737 | PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files. | [email protected] | 8.8 | 0.85% | 2022-01-20 | 2024-11-21 |
| CVE-2021-44736 | The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature. | [email protected] | 9.8 | 0.72% | 2022-01-20 | 2024-11-21 |
| CVE-2021-44735 | Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07. | [email protected] | 9.8 | 13.23% | 2022-01-20 | 2024-11-21 |
| CVE-2021-44734 | Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device. | [email protected] | 9.8 | 12.84% | 2022-01-20 | 2024-11-21 |
| CVE-2021-44738 | Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter. | [email protected] | 9.8 | 9.65% | 2022-01-20 | 2024-11-21 |
| CVE-2021-35449 | The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM. | [email protected] | 7.8 | 13.29% | 2021-07-19 | 2024-11-21 |
| CVE-2021-35469 | The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path. | [email protected] | 7.8 | 0.04% | 2021-07-14 | 2024-11-21 |