CVE-2020-10094
https://notcve.org/view.php?id=CVE-2020-10094
A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74.VYL.P273; CS41x before LW74.VY2.P273; CS51x before LW74.VY4.P273; CX310 before LW74.GM2.P273; CX410 & XC2130 before LW74.GM4.P273; CX510 & XC2132 before LW74.GM7.P273; MS310, MS312, MS317 before LW74.PRL.P273; MS410, M1140 before LW74.PRL.P273; MS315, MS415, MS417 before LW74.TL2.P273; MS51x, MS610dn, MS617 before LW74.PR2.P273; M1145, M3150dn before LW74.PR2.P273; MS610de, M3150 before LW74.PR4.P273; MS71x,M5163dn before LW74.DN2.P273; MS810, MS811, MS812, MS817, MS818 before LW74.DN2.P273; MS810de, M5155, M5163 before LW74.DN4.P273; MS812de, M5170 before LW74.DN7.P273; MS91x before LW74.SA.P273; MX31x, XM1135 before LW74.SB2.P273; MX410, MX510 & MX511 before LW74.SB4.P273; XM1140, XM1145 before LW74.SB4.P273; MX610 & MX611 before LW74.SB7.P273; XM3150 before LW74.SB7.P273; MX71x, MX81x before LW74.TU.P273; XM51xx & XM71xx before LW74.TU.P273; MX91x & XM91x before LW74.MG.P273; MX6500e before LW74.JD.P273; C746 before LHS60.CM2.P738; C748, CS748 before LHS60.CM4.P738; C792, CS796 before LHS60.HC.P738; C925 before LHS60.HV.P738; C950 before LHS60.TP.P738; X548 & XS548 before LHS60.VK.P738; X74x & XS748 before LHS60.NY.P738; X792 & XS79x before LHS60.MR.P738; X925 & XS925 before LHS60.HK.P738; X95x & XS95x before LHS60.TQ.P738; 6500e before LHS60.JR.P738;C734 LR.SK.P824 and earlier; C736 LR.SKE.P824 and earlier; E46x LR.LBH.P824 and earlier; T65x LR.JP.P824 and earlier; X46x LR.BS.P824 and earlier; X65x LR.MN.P824 and earlier; X73x LR.FL.P824 and earlier; W850 LP.JB.P823 and earlier; and X86x LP.SP.P823 and earlier. Una vulnerabilidad de tipo cross-site scripting (XSS) en Lexmark CS31x versiones anteriores a LW74.VYL.P273; CS41x versiones anteriores a LW74.VY2.P273; CS51x versiones anteriores a LW74.VY4.P273; CX310 versiones anteriores a LW74.GM2.P273; CX410 & XC2130 versiones anteriores a LW74.GM4.P273; CX510 & XC2132 versiones anteriores a LW74.GM7.P273; MS310, MS312, MS317 versiones anteriores a LW74.PRL.P273; MS410, M1140 versiones anteriores a LW74.PRL.P273; MS315, MS415, MS417 versiones anteriores a LW74.TL2.P273; MS51x, MS610dn, MS617 versiones anteriores a LW74.PR2.P273; M1145, M3150dn versiones anteriores a LW74.PR2.P273; MS610de, M3150 versiones anteriores a LW74.PR4.P273; MS71x, M5163dn versiones anteriores a LW74.DN2.P273; MS810, MS811, MS812, MS817, MS818 versiones anteriores a LW74.DN2.P273; MS810de, M5155, M5163 versiones anteriores a LW74.DN4.P273; MS812de, M5170 versiones anteriores a LW74.DN7.P273; MS91x versiones anteriores a LW74.SA.P273; MX31x, XM1135 versiones anteriores a LW74.SB2.P273; MX410, MX510 & MX511 versiones anteriores a LW74.SB4.P273; XM1140, XM1145 versiones anteriores a LW74.SB4.P273; MX610 & MX611 versiones anteriores a LW74.SB7.P273; XM3150 versiones anteriores a LW74.SB7.P273; MX71x, MX81x versiones anteriores a LW74.TU.P273; XM51xx & XM71xx versiones anteriores a LW74.TU.P273; MX91x & XM91x versiones anteriores a LW74.MG.P273; MX6500e versiones anteriores a LW74.JD.P273; C746 versiones anteriores a LHS60.CM2.P738; C748, CS748 versiones anteriores a LHS60.CM4.P738; C792, CS796 versiones anteriores a LHS60.HC.P738; C925 versiones anteriores a LHS60.HV.P738; C950 versiones anteriores a LHS60.TP.P738; X548 & XS548 versiones anteriores a LHS60.VK.P738; X74x & XS748 versiones anteriores a LHS60.NY.P738; X792 & XS79x versiones anteriores a LHS60.MR.P738; X925 & XS925 versiones anteriores a LHS60.HK.P738; X95x & XS95x versiones anteriores a LHS60.TQ.P738; 6500e versiones anteriores a LHS60.JR.P738; C734 versiones LR.SK.P824 y anteriores; C736 versiones LR.SKE.P824 y anteriores; E46x versiones LR.LBH.P824 y anteriores; T65x versiones LR.JP.P824 y anteriores; X46x versiones LR.BS.P824 y anteriores; X65x versiones LR.MN.P824 y anteriores; X73x versiones LR.FL.P824 y anteriores; W850 versiones LP.JB.P823 y anteriores; y versiones X86x LP.SP.P823 y anteriores. • http://support.lexmark.com/index?page=content&id=TE936 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-18894
https://notcve.org/view.php?id=CVE-2018-18894
Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server. Ciertos dispositivos Lexmark más antiguos (C, M, X, y 6500e antes del 18-12-2018), contienen una vulnerabilidad de salto de directorio en el servidor web incorporado. • http://support.lexmark.com/alerts http://support.lexmark.com/index?page=content&id=TE906&locale=EN&userlocale=EN_US • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2011-3269
https://notcve.org/view.php?id=CVE-2011-3269
Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut. Los dispositivos Lexmark X, W, T, E, C, 6500e y 25xxN antes del 15-11-2011, permiten a atacantes obtener información confidencial por medio de una dirección de correo electrónico oculta en un acceso directo de Scan To Email. • http://contentdelivery.lexmark.com/webcontent/Email_shortcut_vulnerability.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2011-4538
https://notcve.org/view.php?id=CVE-2011-4538
Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings. Los dispositivos Lexmark X, W, T, E y C versiones anteriores al 09-02-2012, permiten a atacantes obtener información confidencial por medio de una lectura de contraseñas dentro de una configuración exportada. • http://contentdelivery.lexmark.com/webcontent/CVE-2011-4538.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-1487
https://notcve.org/view.php?id=CVE-2016-1487
Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization. Lexmark Markvision Enterprise versiones anteriores a 2.3.0, usa inapropiadamente la Apache Commons Collections Library, conllevando a una ejecución de código remota debido a una deserialización de Java. • http://support.lexmark.com/index?page=content&id=TE747&locale=EN&userlocale=EN_US • CWE-502: Deserialization of Untrusted Data •