CVSS: 9.0EPSS: 14%CPEs: 1EXPL: 1CVE-2022-26111
https://notcve.org/view.php?id=CVE-2022-26111
25 Apr 2022 — The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server. Los componentes BeanShell de IRISNext versiones hasta 9.8.28, permiten una ejecución de comandos arbitrarios en el servidor de destino median... • https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-26111.pdf • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 10.0EPSS: 6%CPEs: 152EXPL: 0CVE-2022-24673 – Canon imageCLASS MF644Cdw SLP Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-24673
18 Mar 2022 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SLP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://www.usa.canon.com/support/canon-product-advisories/canon-laser-printer-inkjet-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 152EXPL: 0CVE-2022-24674 – Canon imageCLASS MF644Cdw privet Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-24674
18 Mar 2022 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the privet API. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/canon-laser-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 183EXPL: 0CVE-2022-26320
https://notcve.org/view.php?id=CVE-2022-26320
14 Mar 2022 — The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate. Rambus SafeZone Basic Crypto Module anterior a la versión 10.4.0, utilizado en algunos dispositivos Fujifilm (a... • https://fermatattack.secvuln.info • CWE-330: Use of Insufficiently Random Values •
CVSS: 4.8EPSS: 0%CPEs: 34EXPL: 0CVE-2021-20877
https://notcve.org/view.php?id=CVE-2021-20877
08 Feb 2022 — Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW ) sold in the US, and iSENSYS (LBP162D... • https://cweb.canon.jp/e-support/info/211221xss.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2021-43471
https://notcve.org/view.php?id=CVE-2021-43471
06 Dec 2021 — In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability. En las impresoras Canon LBP223, el inicio de sesión en el modo de administrador del sistema no requiere una contraseña de cuenta o un PIN. Un atacante puede apagar remotamente el dispositivo después de entrar en el fondo, creando una vulnerabilidad de denegación de servicio • https://github.com/cxaqhq/CVE-2021-43471 • CWE-521: Weak Password Requirements •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-38154
https://notcve.org/view.php?id=CVE-2021-38154
29 Aug 2021 — Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. For example, an incoming FAX may be sent through e-mail to the attacker. This occurs when a PIN is not required for General User Mode, as exploited in the wild in August 2021. Determinados dispositivos de Canon fabri... • https://protocolpolice.nl/CVE-2021-38154_Protocol_Police_Catwalk_Alert • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-39368
https://notcve.org/view.php?id=CVE-2021-39368
22 Aug 2021 — Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter. Canon Oce Print Exec Workgroup versión 1.3.2, permite un ataque de tipo XSS por medio del parámetro lang. • https://github.com/IthacaLabs/Canon/tree/main/OCE_Print_Exec_Workgroup_Version_1_3_2/XSS_HTMLi • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-39367
https://notcve.org/view.php?id=CVE-2021-39367
22 Aug 2021 — Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. Canon Oce Print Exec Workgroup versión 1.3.2, permite una inyección del encabezado Host. • https://github.com/IthacaLabs/Canon/tree/main/OCE_Print_Exec_Workgroup_Version_1_3_2/HHI • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 7.8EPSS: 4%CPEs: 2EXPL: 3CVE-2021-38085 – Canon TR150 Driver 3.71.2.10 Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-38085
11 Aug 2021 — The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer process, a local attacker can overwrite CNMurGE.dll and, if timed properly, the overwritten DLL will be loaded into a SYSTEM process resulting in escalation of privileges. This occurs because the driver drops a world-writable DLL into a CanonBJ %PROGRAMDATA% location that gets loaded by printisolationhost (a system process). El controlador de impresión Canon TR150 versiones hasta 3.71.2.10, e... • https://packetstorm.news/files/id/163795 • CWE-732: Incorrect Permission Assignment for Critical Resource •