CVE-2017-13771 – Lexmark Scan To Network (SNF) 3.2.9 Information Disclosure
https://notcve.org/view.php?id=CVE-2017-13771
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet. Lexmark Scan To Network (SNF) 3.2.9 y anteriores almacena las credenciales de configuración de red como texto plano y las transmite en peticiones, lo que permite que atacantes remotos obtengan información sensible mediante peticiones a (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet o (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet. Lexmark Scan to Network (SNF) printer application versions 3.2.9 and below suffer from a credential disclosure vulnerability. • http://packetstormsecurity.com/files/143975/Lexmark-Scan-To-Network-SNF-3.2.9-Information-Disclosure.html http://seclists.org/fulldisclosure/2017/Aug/46 https://support.lexmark.com/alerts • CWE-522: Insufficiently Protected Credentials •
CVE-2017-2806
https://notcve.org/view.php?id=CVE-2017-2806
An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400 Existe una lectura arbitraria explotable en el análisis XLS de la funcionalidad Lexmark Perspective Document Filters. Un documento XLS manipulado puede conducir a una lectura arbitraria resultante en la revelación de la memoria. La vulnerabilidad se confirmó en las versiones 11.3.0.2228 y 11.3.0.2400 • http://www.talosintelligence.com/reports/TALOS-2017-0302 • CWE-125: Out-of-bounds Read •
CVE-2016-5646
https://notcve.org/view.php?id=CVE-2016-5646
An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause a code execution. An attacker can send a malformed file to trigger this vulnerability. Existe una vulnerabilidad explotable de desbordamiento de memoria dinámica en la funcionalidad del analizador Compound Binary File Format (CBFF) de la librería Lexmark Perceptive Document Filters. Un archivo CBFF especialmente manipulado puede provocar una ejecución de código. • http://www.talosintelligence.com/reports/TALOS-2016-0185 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-4336
https://notcve.org/view.php?id=CVE-2016-4336
An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted Bzip2 document can lead to a stack-based buffer overflow causing an out-of-bounds write which under the right circumstance could potentially be leveraged by an attacker to gain arbitrary code execution. Existe una escritura fuera de límites explotable en el análisis Bzip2 de la funcionalidad de conversión Lexmark Perspective Document Filters. Un documento Bzip2 manipulado puede conducir a un desbordamiento de búfer basado en pila provocando una escritura fuera de límites que bajo la circunstancia adecuada podría ser aprovechado potencialmente por un atacante para obtener la ejecución de código arbitrario. • http://www.talosintelligence.com/reports/TALOS-2016-0173 • CWE-787: Out-of-bounds Write •
CVE-2016-4335
https://notcve.org/view.php?id=CVE-2016-4335
An exploitable buffer overflow exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a stack based buffer overflow resulting in remote code execution. Existe un desbordamiento de búfer explotable en el análisis XLS de la funcionalidad de conversión Lexmark Perspective Document Filters. Un documento XLS manipulado puede conducir a un desbordamiento de búfer basado en pila resultando en ejecución remota de código. • http://www.securityfocus.com/bid/92425 http://www.talosintelligence.com/reports/TALOS-2016-0172 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •