CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1126 – Lexmark has identified a vulnerability in our Lexmark Print Management Client (LPMC).
https://notcve.org/view.php?id=CVE-2025-1126
11 Feb 2025 — A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client. • https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html • CWE-807: Reliance on Untrusted Inputs in a Security Decision •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50733 – A Server-Side Request Forgery (SSRF) vulnerability exists in newer Lexmark devices.
https://notcve.org/view.php?id=CVE-2023-50733
21 Jan 2025 — A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices. A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices. • https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html • CWE-20: Improper Input Validation CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-50738 – A firmware downgrade prevention vulnerability has been identified in newer Lexmark devices.
https://notcve.org/view.php?id=CVE-2023-50738
31 May 2024 — A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the `/usr/bin/hydra` service, which listens on TCP port 9100 by default. The issue results from the lack of proper validatio... • https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html • CWE-354: Improper Validation of Integrity Check Value CWE-1328: Security Version Number Mutable to Older Versions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50739 – A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices.
https://notcve.org/view.php?id=CVE-2023-50739
26 Apr 2024 — A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IPP server, which listens on TCP port 631 by default. The issue results from the ... • https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50734 – A vulnerability has been identified in the PostScript interpreter in various Lexmark devices.
https://notcve.org/view.php?id=CVE-2023-50734
31 Jan 2024 — A buffer overflow vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. Se ha identificado una vulnerabilidad de desbordamiento del búfer en el intérprete PostScript de varios dispositivos Lexmark. Un atacante puede aprovechar la vulnerabilidad para ejecutar código arbitrario. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331ad... • https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50735 – A vulnerability has been identified in the PostScript interpreter in various Lexmark devices.
https://notcve.org/view.php?id=CVE-2023-50735
31 Jan 2024 — A heap corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. Se ha identificado una vulnerabilidad de corrupción del montón en el intérprete PostScript de varios dispositivos Lexmark. Un atacante puede aprovechar la vulnerabilidad para ejecutar código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. • https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html • CWE-465: Pointer Issues •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50736 – A vulnerability has been identified in the PostScript interpreter in various Lexmark devices.
https://notcve.org/view.php?id=CVE-2023-50736
31 Jan 2024 — A memory corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. Se ha identificado una vulnerabilidad de corrupción de memoria en el intérprete PostScript de varios dispositivos Lexmark. Un atacante puede aprovechar la vulnerabilidad para ejecutar código arbitrario. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adw... • https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50737 – An input validation vulnerability in the SE Menu allows an attacker to execute arbitrary code.
https://notcve.org/view.php?id=CVE-2023-50737
31 Jan 2024 — The SE menu contains information used by Lexmark to diagnose device errors. A vulnerability in one of the SE menu routines can be leveraged by an attacker to execute arbitrary code. El menú SE contiene información utilizada por Lexmark para diagnosticar errores del dispositivo. Un atacante puede aprovechar una vulnerabilidad en una de las rutinas del menú SE para ejecutar código arbitrario. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX... • https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 164EXPL: 0CVE-2023-40239
https://notcve.org/view.php?id=CVE-2023-40239
01 Sep 2023 — Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability. Ciertos dispositivos Lexmark (como el CS310) anteriores al 25-08-2023 permiten ataques XXE, que conducen a la divulgación de información. La versión de firmware corregida es LW80.*.P246... • https://publications.lexmark.com/publications/security-alerts/CVE-2023-40239.pdf • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 0%CPEs: 265EXPL: 0CVE-2023-26070
https://notcve.org/view.php?id=CVE-2023-26070
10 Apr 2023 — Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4). • https://publications.lexmark.com/publications/security-alerts/CVE-2023-26070.pdf • CWE-20: Improper Input Validation •