Aggregates CVE and security vulnerability intelligence across all Lexmark-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting, vendor risk memory corruption, vendor risk csrf, and vendor risk xxe and related problems; some flaws may lead to vendor impact file overwrite.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-40239 | Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability. | [email protected] | 7.5 | 0.45% | 2023-09-01 | 2024-11-21 |
| CVE-2023-26070 | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4). | [email protected] | 9.8 | 0.71% | 2023-04-10 | 2025-02-11 |
| CVE-2023-26069 | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4). | [email protected] | 9.8 | 0.71% | 2023-04-10 | 2025-02-11 |
| CVE-2023-26068 | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4). | [email protected] | 9.8 | 11.63% | 2023-04-10 | 2025-05-05 |
| CVE-2023-26067 | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4). | [email protected] | 8.1 | 37.84% | 2023-04-10 | 2025-02-11 |
| CVE-2023-26066 | Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index. | [email protected] | 9.8 | 0.71% | 2023-04-10 | 2025-02-11 |
| CVE-2023-26065 | Certain Lexmark devices through 2023-02-19 have an Integer Overflow. | [email protected] | 9.8 | 0.67% | 2023-04-10 | 2025-02-11 |
| CVE-2023-26064 | Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write. | [email protected] | 9.8 | 0.67% | 2023-04-10 | 2025-02-11 |
| CVE-2023-26063 | Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type. | [email protected] | 9.8 | 0.71% | 2023-04-10 | 2025-02-11 |
| CVE-2023-23560 | In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation. | [email protected] | 9.8 | 14.95% | 2023-01-23 | 2025-04-02 |
| CVE-2023-22960 | Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency. | [email protected] | 7.5 | 27.77% | 2023-01-23 | 2025-04-02 |
| CVE-2022-29850 | Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots. | [email protected] | 8.1 | 0.81% | 2022-08-26 | 2024-11-21 |
| CVE-2022-24935 | Lexmark products through 2022-02-10 have Incorrect Access Control. | [email protected] | 7.5 | 0.70% | 2022-04-28 | 2024-11-21 |
| CVE-2021-44737 | PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files. | [email protected] | 8.8 | 1.44% | 2022-01-20 | 2024-11-21 |
| CVE-2021-44736 | The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature. | [email protected] | 9.8 | 2.43% | 2022-01-20 | 2024-11-21 |
| CVE-2021-44735 | Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07. | [email protected] | 9.8 | 7.70% | 2022-01-20 | 2024-11-21 |
| CVE-2021-44734 | Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device. | [email protected] | 9.8 | 6.43% | 2022-01-20 | 2024-11-21 |
| CVE-2021-44738 | Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter. | [email protected] | 9.8 | 3.31% | 2022-01-20 | 2024-11-21 |
| CVE-2021-35449 | The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM. | [email protected] | 7.8 | 1.41% | 2021-07-19 | 2024-11-21 |
| CVE-2021-35469 | The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path. | [email protected] | 7.8 | 0.25% | 2021-07-14 | 2024-11-21 |