CVSS: 7.2 • EPSS: 0% • CPEs: 10 • EXPL: 0

Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products. Various Xerox printers, such as models EC80xx, AltaLink, VersaLink, and WorkCentre, suffer from an authenticated remote code execution vulnerability. • https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-Altalink-Versalink-and-WorkCentre-%E2%80%93-CVE-2024-6333-.pdf • CWE-20: Improper Input Validation; CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 5.9 • EPSS: 0% • CPEs: 223 • EXPL: 0

Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book in encrypted form, but the encryption strength is insufficient. With knowledge of the encryption process and the encryption key, information such as server credentials may be obtained from the exported Address Book data. For details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. • https://jvn.jp/en/vu/JVNVU96482726/index.html https://security.business.xerox.com/en-us/documents/bulletins https://www.fujifilm.com/fbglobal/eng/company/news/notice/2023/1031_addressbook_announce.html • CWE-287: Improper Authentication

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings. • https://Xerox.com https://gist.github.com/waffl3ss/eb61d38b5c44131d3586578002c63640#file-cve-2022-45897 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

Xerox ColorQube 8580 was discovered to contain an access control issue which allows attackers to print, view the status, and obtain sensitive information. • https://github.com/yj12341/ColorQube-8580-/blob/main/README.md

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer overflow in the function sub_3226AC via the TIMEZONE variable. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. • https://github.com/Ainevsia/CVE-Request/tree/main/Xerox/1 • CWE-787: Out-of-bounds Write