cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12511,https://securityvulnerability.io/vulnerability/CVE-2024-12511,Weakness in Xerox Printer SMB/FTP Configuration Management,"A security vulnerability in Xerox printers allows unauthorized modification of SMB and FTP settings through address book access. This can lead to redirected scans and the potential capture of sensitive credentials. The issue necessitates that scanning features and printer access are enabled, creating an exploit vector for malicious actors. Ensuring proper configuration and access controls is critical for safeguarding sensitive data.",Xerox,"Versalink B400,Versalink B405,Versalink C400,Versalink C405,Versalink B600/b610,Versalink B605/b615,Versalink C500/c600,Versalink C505/c605,Versalink C7000,Versalink C7020/c7025/c7030,Versalink B7025/b7030/b7035,Versalink B7125/b7130/b7135,Versalink C7120/c7125/c7130,Versalink C8000/c9000,Versalink C8000w,Phaser 6510,Workcentre 6515",7.6,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-03T19:23:52.125Z,0
CVE-2024-6333,https://securityvulnerability.io/vulnerability/CVE-2024-6333,"Remote Code Execution Vulnerability in Xerox Altalink, Versalink, and WorkCentre Products","A severe vulnerability has been identified in Xerox Altalink, Versalink, and WorkCentre products, allowing authenticated users to execute arbitrary code remotely. This could result in unauthorized access and potential system compromise. Users and administrators are advised to review the official security bulletin from Xerox to understand the implications and apply necessary updates to safeguard their environments.",Xerox,"Altalink® B8045 / B8055 / B8065 / B8075 / B8090 | C8030 / C8035 / C8045 / C8055 / C807,Xerox® Ec8036 / Ec8056,Xerox® Ec8036 / Ec8056 - Common Criteria (june 2022),Xerox® Ec8036 / Ec8056 - Common Criteria (june 2024),Altalink®c8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria (aug 2024),Altalink® C8130 / C8135 / C8145 / C8155 / C8170 | B8145 / B8155 / B8170 Common Criteria Certified (aug 2023),Versalink® B625 / C625 | B425 / C425 Common Criteria Certified (2024),Workcentre 3655/3655i,Workcentre 5945/55i,Workcentre 6655/6655i,Workcentre 7220/7225i,Workcentre 7830/7835i,Workcentre 7845/7855i,Workcentre 7845/7855 (ibg),Workcentre 7970/7970i,Workcentre Ec7836,Workcentre Ec7856",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-17T13:51:16.011Z,0
CVE-2024-47556,https://securityvulnerability.io/vulnerability/CVE-2024-47556,Remote Code Execution Vulnerability in Xerox FreeFlow Core,"The vulnerability identified presents the possibility of pre-authentication remote code execution through a path traversal technique. This security flaw enables unauthorized access to system files and executing commands on the server, posing a serious risk to organizations using the affected product. The improper validation of user-supplied input allows attackers to manipulate file paths, potentially leading to a full compromise of the system hosting Xerox FreeFlow Core. Companies relying on this software should promptly apply security patches provided in the relevant security bulletin to mitigate the risk.",Xerox,Freeflow Core,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-10-07T19:15:00.000Z,0
CVE-2024-47559,https://securityvulnerability.io/vulnerability/CVE-2024-47559,Authenticated Remote Code Execution Vulnerability in Xerox FreeFlow Core,"The vulnerability in Xerox FreeFlow Core (v7.0) allows for authenticated remote code execution through a path traversal flaw. This issue occurs when improper validation of user-supplied input enables an attacker to alter file paths in a way that may lead to unauthorized access and execution of malicious code on the server. If exploited, this vulnerability poses significant risks to the confidentiality, integrity, and availability of the system. Users are strongly advised to apply available patches and enhancements to safeguard their environments.",Xerox,Freeflow Core,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-07T19:15:00.000Z,0
CVE-2024-47558,https://securityvulnerability.io/vulnerability/CVE-2024-47558,Authenticated Remote Code Execution Vulnerability in Xerox FreeFlow Core,"An authenticated remote code execution vulnerability exists in Xerox FreeFlow Core, allowing for potential exploitation through a path traversal issue. Attackers with valid credentials could manipulate input paths to gain unauthorized access to system resources, potentially leading to malicious code execution. It is crucial for users of affected versions to apply the security updates provided in the Xerox Security Bulletin to mitigate this risk.",Xerox,Freeflow Core,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-07T19:15:00.000Z,0
CVE-2024-47557,https://securityvulnerability.io/vulnerability/CVE-2024-47557,Path Traversal Vulnerability in Xerox FreeFlow Core,"A path traversal vulnerability exists in Xerox FreeFlow Core, which may allow an attacker to execute remote code on the affected system without prior authentication. By exploiting this flaw, unauthorized users can traverse directories to access sensitive files and potentially gain control over the system. It is crucial for organizations utilizing this product to apply any available patches and implement security measures to mitigate the risk associated with this vulnerability.",Xerox,Freeflow Core,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-10-07T19:15:00.000Z,0
CVE-2022-26572,https://securityvulnerability.io/vulnerability/CVE-2022-26572,Access Control Issue in Xerox ColorQube 8580,"The Xerox ColorQube 8580 contains an access control issue that could allow attackers to gain unauthorized access to print jobs and view device status. Additionally, this vulnerability may enable malicious actors to extract sensitive information from the device, posing a significant risk to users relying on this printer for secure document handling. It is crucial for users to apply any available security updates and review their network security practices to mitigate potential exploitation.",Xerox,Colorqube 8580 Firmware,7.5,HIGH,0.0014100000262260437,false,,false,false,false,,,false,false,,2022-04-04T18:31:13.000Z,0
CVE-2021-37354,https://securityvulnerability.io/vulnerability/CVE-2021-37354,Buffer Overflow Vulnerability in Xerox Phaser 4622 Printer,"A buffer overflow vulnerability has been identified in the Xerox Phaser 4622 printer, specifically affecting version v35.013.01.000. This issue arises within the function sub_3226AC through improper handling of the TIMEZONE variable. An attacker can exploit this flaw by supplying specially crafted overflow data, potentially leading to a Denial of Service (DoS) condition, disrupting printer operations and affecting network printer availability.",Xerox,Phaser 4622 Firmware,9.8,CRITICAL,0.003269999986514449,false,,false,false,false,,,false,false,,2022-02-15T19:08:27.000Z,0
CVE-2022-23320,https://securityvulnerability.io/vulnerability/CVE-2022-23320,SQL Injection Vulnerability in XMPie uStore by XMPie,"XMPie uStore version 12.3.7244.0 contains a security vulnerability that allows authenticated administrators to execute raw SQL queries. The presence of default administrative credentials facilitates unauthorized access, enabling potential attackers to exfiltrate sensitive information from the database. This poses a significant risk to data confidentiality and integrity, underscoring the importance of secure configuration and proper credential management.",Xerox,Xmpie Ustore,7.5,HIGH,0.002309999894350767,false,,false,false,false,,,false,false,,2022-02-07T10:47:33.000Z,0
CVE-2022-23968,https://securityvulnerability.io/vulnerability/CVE-2022-23968,Remote Device Vulnerability in Xerox VersaLink Firmware,"Xerox VersaLink devices running specific versions of firmware prior to January 26, 2022, are susceptible to a vulnerability that enables remote attackers to cause a permanent denial of service. By exploiting a crafted TIFF file sent via an unauthenticated HTTP POST request, the devices can enter a boot loop due to faulty image parsing after a reboot. Although field technicians can resolve the issue, affected firmware versions including xx.42.01 and xx.50.61 are at risk. A recent vendor statement clarifies that newer firmware versions are not vulnerable.",Xerox,Versalink Firmware,7.5,HIGH,0.002749999985098839,false,,false,false,false,,,false,false,,2022-01-26T05:01:51.000Z,0
CVE-2019-10881,https://securityvulnerability.io/vulnerability/CVE-2019-10881,Default hidden Privileged Account Vulnerability in multiple XEROX devices,"Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled.",Xerox,"Altalink B8045/b8055/b8065/b8075/b8090,Altalink C8030/c8035/c8045/c8055/c8070,Workcentre 3655,Workcentre 5845/5855/5865/5875/5890,Workcentre 5945/5955,Workcentre 6655,Workcentre 7220/7225,Workcentre 7830/7835/7845/7855,Workcentre 7970,Workcentre Ec7836/ec7856,Colorqube 9301/9302/9303,Colorqube 8700/8900,Workcentre 6400,Phaser 6700,Phaser 7800,Workcentre 5735/5740/5745/5755/5765/5775/5790,Workcentre 7525/7530/7535/7545/7556,Workcentre 7755/7765/7775",9.4,CRITICAL,0.0017800000496208668,false,,false,false,false,,,false,false,,2021-04-13T20:58:01.000Z,0
CVE-2021-28671,https://securityvulnerability.io/vulnerability/CVE-2021-28671,Remote Command Execution Vulnerability in Xerox Printers and Multifunction Devices,"A remote command execution vulnerability exists in the Web User Interface of several models of Xerox printers and multifunction devices. This flaw permits remote attackers, using a specifically crafted or weaponized clone file, to execute arbitrary commands on the devices. The vulnerability affects various versions of models such as the Xerox Phaser, WorkCentre, and VersaLink, necessitating immediate attention and remediation to safeguard against unauthorized access and potential exploitation.",Xerox,Phaser 6510 Firmware,9.8,CRITICAL,0.004110000096261501,false,,false,false,false,,,false,false,,2021-03-29T20:06:50.000Z,0
CVE-2021-28672,https://securityvulnerability.io/vulnerability/CVE-2021-28672,Buffer Overflow Vulnerability in Xerox Phaser and WorkCentre Printers,"The vulnerability in various Xerox printers allows remote attackers to execute arbitrary code by exploiting a buffer overflow in Web page parameter handling. This security flaw affects multiple models, enabling unauthorized access and potential malicious activities, thus emphasizing the necessity for immediate updates to secure these devices.",Xerox,Phaser 6510 Firmware,9.8,CRITICAL,0.00851999968290329,false,,false,false,false,,,false,false,,2021-03-29T20:06:46.000Z,0
CVE-2021-28668,https://securityvulnerability.io/vulnerability/CVE-2021-28668,SQL Injection Vulnerabilities in Xerox AltaLink B80xx and C80xx Series,"Several SQL injection vulnerabilities have been identified in the Xerox AltaLink B80xx and C80xx series of multifunction printers. These weaknesses could allow attackers to execute arbitrary SQL commands, potentially leading to unauthorized access to sensitive data. Users with affected versions are advised to update their firmware to the latest releases to mitigate these vulnerabilities and ensure the security of their printing environment.",Xerox,Altalink B8045 Firmware,9.8,CRITICAL,0.0013800000306218863,false,,false,false,false,,,false,false,,2021-03-29T19:28:09.000Z,0
CVE-2021-28669,https://securityvulnerability.io/vulnerability/CVE-2021-28669,Configuration Attribute Modification in Xerox AltaLink Multifunction Printers,Certain models of Xerox AltaLink Multifunction Printers prior to specified firmware versions allow users to change configuration settings without proper administrative privileges. This unauthorized modification can potentially lead to misconfigurations and expose sensitive data. Users must ensure their devices are updated to mitigate these risks and maintain secure operational integrity.,Xerox,Altalink B8045 Firmware,7.5,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2021-03-29T19:27:59.000Z,0
CVE-2021-28673,https://securityvulnerability.io/vulnerability/CVE-2021-28673,Remote Code Execution Vulnerability in Xerox Printers and Multifunction Devices,"A remote code execution vulnerability has been identified in various Xerox printers and multifunction devices. This flaw allows attackers to exploit the Web User Interface using a specially crafted clone file, enabling them to execute arbitrary commands remotely. It is crucial for users to apply the latest firmware updates to protect their devices from potential exploitation.",Xerox,Phaser 6510 Firmware,9.8,CRITICAL,0.0034600000362843275,false,,false,false,false,,,false,false,,2021-03-29T19:00:49.000Z,0
CVE-2021-28670,https://securityvulnerability.io/vulnerability/CVE-2021-28670,Unauthorized File Deletion Vulnerability in Xerox AltaLink Products,"Xerox AltaLink printers, specifically B8045/B8090, C8030/C8035, C8045/C8055, and C8070 models prior to their respective firmware versions, are susceptible to a security flaw that enables unauthorized users to delete arbitrary files on the device's disk by exploiting the Scan To Mailbox feature. This vulnerability poses a risk of data loss and could lead to the compromise of sensitive information.",Xerox,Altalink B8045 Firmware,9.1,CRITICAL,0.0010300000431016088,false,,false,false,false,,,false,false,,2021-03-29T17:40:09.000Z,0
CVE-2021-20679,https://securityvulnerability.io/vulnerability/CVE-2021-20679,Denial of Service Vulnerability in Fuji Xerox Multi-function Devices and Printers,"A vulnerability in multiple Fuji Xerox multifunction devices and printers permits an attacker to exploit the system through specially crafted commands. This can lead to a denial of service (DoS) condition, causing abnormal termination (ABEND) of the affected devices, thus disrupting their functionality. Organizations using these devices should apply the necessary updates to mitigate potential exploitation.","Fuji Xerox Co.,ltd.",Fuji Xerox Multifunction Devices And Printers,7.5,HIGH,0.0018400000408291817,false,,false,false,false,,,false,false,,2021-03-25T05:30:18.000Z,0
CVE-2019-18630,https://securityvulnerability.io/vulnerability/CVE-2019-18630,Data Exposure Vulnerability in Xerox Multifunction Printers,"A vulnerability exists in specific Xerox AltaLink multifunction printers, where portions of the drive containing executable code are not encrypted. This lack of encryption allows the potential for cryptographic information disclosure, potentially exposing sensitive data to unauthorized access. Affected models include various iterations of the AltaLink B-series and C-series printers that are running software versions prior to 101.00x.099.28200. It is critical for users of these devices to ensure they are using the latest firmware to mitigate risks associated with this vulnerability.",Xerox,Altalink B8045 Firmware,7.5,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2021-03-04T22:07:44.000Z,0
CVE-2019-18629,https://securityvulnerability.io/vulnerability/CVE-2019-18629,Unwanted Binary Execution Vulnerability in Xerox AltaLink Multifunction Printers,"Certain Xerox AltaLink multifunction printers, specifically models B8045, B8055, B8065, B8075, B8090 and C8030, C8035, C8045, C8055, C8070, are vulnerable to unauthorized binary execution. This vulnerability arises from flaws in the software versions prior to 101.00x.099.28200, allowing attackers to execute malicious binaries by exploiting a cloned installation. The attack vector necessitates the creation of a clone file that has been signed with a compromised private key, leading to potential security threats for organizations utilizing these devices.",Xerox,Altalink B8045 Firmware,8.1,HIGH,0.0024399999529123306,false,,false,false,false,,,false,false,,2021-03-04T06:12:03.000Z,0
CVE-2020-36201,https://securityvulnerability.io/vulnerability/CVE-2020-36201,Encryption Vulnerability in Xerox WorkCentre Devices,"A significant security flaw has been identified in several Xerox WorkCentre products, where passwords are not encrypted properly. This vulnerability impacts multiple device models, posing a risk of unauthorized access and exposure of sensitive information. Users of the affected models should review their security settings and consider immediate updates or security measures to mitigate potential risks associated with this weakness.",Xerox,Workcentre 3655 Firmware,7.5,HIGH,0.002199999988079071,false,,false,false,false,,,false,false,,2021-01-26T18:15:00.000Z,0
CVE-2016-11061,https://securityvulnerability.io/vulnerability/CVE-2016-11061,Remote Command Execution Vulnerability in Xerox Multifunction Printers,"Certain models of Xerox WorkCentre multifunction printers have a vulnerability in the support/remoteUI/configrui.php script, allowing unauthenticated attackers to execute arbitrary OS commands on the devices. This issue arises due to insufficient sanitization of user input parameters, enabling potential exploitation without authentication. Affected models include various versions under the WorkCentre 3655, 58XX, 59XX, 6655, 72XX, 78XX, and 7970 series, underscoring the need for immediate updates to safeguard against unauthorized access.",Xerox,Workcentre 3655 Firmware,9.8,CRITICAL,0.002219999907538295,false,,false,false,false,,,false,false,,2020-04-29T21:23:30.000Z,0
CVE-2019-13165,https://securityvulnerability.io/vulnerability/CVE-2019-13165,Buffer Overflow Vulnerability in Xerox Printers IPP Service,"Xerox printers, notably the Phaser 3320, are susceptible to a buffer overflow vulnerability in the IPP service's request parser. This flaw enables an unauthenticated attacker to execute a Denial of Service (DoS) attack, which could disrupt printer availability and potentially allow for arbitrary code execution. Organizations using these printers should implement security measures to protect against exploitation.",Xerox,Phaser 3320 Firmware,9.8,CRITICAL,0.003120000008493662,false,,false,false,false,,,false,false,,2020-03-13T18:35:08.000Z,0
CVE-2019-13166,https://securityvulnerability.io/vulnerability/CVE-2019-13166,Account Lockout Vulnerability in Xerox Printers,"Certain Xerox printers, including the Phaser 3320, lack a mechanism to lock out accounts after multiple failed login attempts. This oversight allows local account credentials to be exposed through brute force guessing attacks, potentially compromising sensitive information and network security. Organizations using these printers are urged to take immediate action to mitigate risks associated with this vulnerability.",Xerox,Phaser 3320 Firmware,7.5,HIGH,0.0014900000533089042,false,,false,false,false,,,false,false,,2020-03-13T18:33:54.000Z,0
CVE-2019-13168,https://securityvulnerability.io/vulnerability/CVE-2019-13168,Buffer Overflow Vulnerability in Xerox Printers,"A buffer overflow vulnerability exists in the attributes parser of the IPP service in some Xerox printers, including the Phaser 3320. This flaw enables unauthenticated attackers to exploit the vulnerability, potentially leading to a Denial of Service (DoS) condition and allowing the execution of arbitrary code on the affected devices.",Xerox,Phaser 3320 Firmware,9.8,CRITICAL,0.003120000008493662,false,,false,false,false,,,false,false,,2020-03-13T18:23:08.000Z,0