CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2019-18630
https://notcve.org/view.php?id=CVE-2019-18630
On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure. En las impresoras multifunción Xerox AltaLink B8045/B8055/B8065/B8075/B8090 y C8030/C8035/C8045/C8055/C8070 con versiones de software anteriores a 101.00x.099.28200, las partes de la unidad que contenían código ejecutable no se cifraron, por lo que quedaron abiertas a posibles cifrados de divulgación de información • https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.2.pdf • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.1EPSS: 0%CPEs: 20EXPL: 0CVE-2019-18629
https://notcve.org/view.php?id=CVE-2019-18629
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key. Las impresoras multifunción Xerox AltaLink B8045/B8055/B8065/B8075/B8090 y C8030/C8035/C8045/C8055/C8070 con versiones de software anteriores a 101.00x.099.28200, permiten a un atacante ejecutar un binario no deseado durante la instalación de un clon explotado. Esto requiere crear un archivo clonado y firmar ese archivo con una clave privada comprometida • https://security.business.xerox.com https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX19AI_for_ALB80xx-C80xx_v1.1.pdf •
CVSS: 4.9EPSS: 0%CPEs: 20EXPL: 0CVE-2019-18628
https://notcve.org/view.php?id=CVE-2019-18628
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure. Las impresoras multifunción Xerox AltaLink B8045/B8055/B8065/B8075/B8090 y C8030/C8035/C8045/C8055/C8070 con versiones de software anteriores a 101.00x.099.28200, permiten a un usuario con privilegios administrativos desactivar el cifrado de datos en el dispositivo, dejándolo así abierto a una posible divulgación de información criptográfica • https://security.business.xerox.com https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX20I_for_ALB80xx-C80xx_v1.1.pdf •
CVSS: 7.5EPSS: 0%CPEs: 60EXPL: 0CVE-2020-36201
https://notcve.org/view.php?id=CVE-2020-36201
An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices. Se detectó un problema en determinados productos Xerox WorkCentre. No cifran apropiadamente las contraseñas. • https://securitydocs.business.xerox.com/wp-content/uploads/2020/06/cert_Security_Mini_Bulletin_XRX20L_for_ConnectKey-1.pdf • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-26162
https://notcve.org/view.php?id=CVE-2020-26162
Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073.020.059.25300 devices allow XSS via Description pages. Los dispositivos Xerox WorkCentre EC7836 versiones anteriores a 073.050.059.25300 y EC7856 versiones anteriores a 073.020.059.25300, permiten un ataque de tipo XSS por medio de unas páginas de Descripción • https://securitydocs.business.xerox.com https://securitydocs.business.xerox.com/wp-content/uploads/2019/09/cert_Security_Mini_Bulletin_XRX19Y_for_WorkCentre-EC7836-EC7856.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •