CVSS: 9.1EPSS: 0%CPEs: 183EXPL: 0CVE-2022-26320
https://notcve.org/view.php?id=CVE-2022-26320
The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate. Rambus SafeZone Basic Crypto Module anterior a la versión 10.4.0, utilizado en algunos dispositivos Fujifilm (antes Fuji Xerox) anteriores a 2022-03-01, dispositivos Canon imagePROGRAF e imageRUNNER hasta 2022-03-14, y potencialmente muchos otros dispositivos, genera claves RSA que pueden romperse con el método de factorización de Fermat. Esto permite un cálculo eficiente de las claves RSA privadas a partir de la clave pública de un certificado TLS • https://fermatattack.secvuln.info https://global.canon/en/support/security/index.html https://safezoneswupdate.com https://www.fujifilm.com/fbglobal/eng/company/news/notice/2022/0302_rsakey_announce.html https://www.rambus.com/security/response-center/advisories/rmbs-2021-01 https://web.archive.org/web/20220922042721/https://safezoneswupdate.com • CWE-330: Use of Insufficiently Random Values •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-39368
https://notcve.org/view.php?id=CVE-2021-39368
Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter. Canon Oce Print Exec Workgroup versión 1.3.2, permite un ataque de tipo XSS por medio del parámetro lang. • https://github.com/IthacaLabs/Canon/tree/main/OCE_Print_Exec_Workgroup_Version_1_3_2/XSS_HTMLi • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-39367
https://notcve.org/view.php?id=CVE-2021-39367
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. Canon Oce Print Exec Workgroup versión 1.3.2, permite una inyección del encabezado Host. • https://github.com/IthacaLabs/Canon/tree/main/OCE_Print_Exec_Workgroup_Version_1_3_2/HHI • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 3CVE-2019-14339 – Canon PRINT 2.5.5 - Information Disclosure
https://notcve.org/view.php?id=CVE-2019-14339
The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's malicious application to obtain sensitive information including factory passwords for the administrator web interface and WPA2-PSK key. ContentProvider en la aplicación Canon PRINT jp.co.canon.bsd.ad.pixmaprint versión 2.5.5 para Android no restringe correctamente el acceso a los datos de canon.ij.printer.capability.data. Esto permite que la aplicación maliciosa de un atacante obtenga información confidencial, incluidas las contraseñas de fábrica para la interfaz web del administrador y la clave WPA2-PSK. Canon PRINT version 2.5.5 suffers from a content provider URI injection vulnerability. • https://www.exploit-db.com/exploits/47321 https://github.com/0x48piraj/CVE-2019-14339 http://packetstormsecurity.com/files/154266/Canon-PRINT-2.5.5-URI-Injection.html https://play.google.com/store/apps/details?id=jp.co.canon.bsd.ad.pixmaprint&hl=en_US •