CVSS: 7.5 • EPSS: 1% • CPEs: 2 • EXPL: 2

19 Mar 2020 — The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the latest version. • http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentication-Bypass.html • CWE-287: Improper Authentication •

CVSS: 5.5 • EPSS: 4% • CPEs: 1 • EXPL: 4

30 Aug 2019 — The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's malicious application to obtain sensitive information including factory passwords for the administrator web interface and WPA2-PSK key. • https://packetstorm.news/files/id/154266 •

CVSS: 8.8 • EPSS: 0% • CPEs: 134 • EXPL: 1

06 Aug 2019 — Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS... • http://jvn.jp/en/vu/JVNVU97511331/index.html • CWE-787: Out-of-bounds Write •

CVSS: 6.5 • EPSS: 0% • CPEs: 134 • EXPL: 1

06 Aug 2019 — Missing authorization vulnerability exists in EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK... • http://jvn.jp/en/vu/JVNVU97511331/index.html • CWE-862: Missing Authorization •

CVSS: 8.8 • EPSS: 0% • CPEs: 134 • EXPL: 1

06 Aug 2019 — Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS... • http://jvn.jp/en/vu/JVNVU97511331/index.html • CWE-787: Out-of-bounds Write •

CVSS: 8.8 • EPSS: 0% • CPEs: 134 • EXPL: 1

06 Aug 2019 — Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS... • http://jvn.jp/en/vu/JVNVU97511331/index.html • CWE-787: Out-of-bounds Write •

CVSS: 7.2 • EPSS: 0% • CPEs: 134 • EXPL: 1

06 Aug 2019 — Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS... • http://jvn.jp/en/vu/JVNVU97511331/index.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8 • EPSS: 0% • CPEs: 134 • EXPL: 1

06 Aug 2019 — Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS... • http://jvn.jp/en/vu/JVNVU97511331/index.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

11 Jun 2018 — Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI web interface allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /wt3/mydocs.php URI. Canon PrintMe EFI suffers from a cross-site scripting vulnerability. • https://packetstorm.news/files/id/148160 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0 • EPSS: 6% • CPEs: 2 • EXPL: 1

08 Jun 2018 — A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation. ** DISPUTED ** A remote attacker can bypass the "System Manager" mode on the web interface of the Canon MF210 and LBP6030w without knowing ... • https://gist.github.com/huykha/0381acb2dc580c728a79452b60fa082c • CWE-287: Improper Authentication •