Lexmark : Security Vulnerabilities, CVEs, CVSS score >= 9

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4).

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4).

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).

Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index.

Certain Lexmark devices through 2023-02-19 have an Integer Overflow.

Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write.

Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type.

In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.

Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter.

The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature.

Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07.

Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device.

Various Lexmark products have Incorrect Access Control.

Various Lexmark products have CSRF.

Various Lexmark products have a Buffer Overflow (issue 3 of 3).

Various Lexmark products have a Buffer Overflow (issue 2 of 3).

Various Lexmark products have an Integer Overflow.

Various Lexmark devices have a Buffer Overflow (issue 2 of 2).

Various Lexmark devices have a Buffer Overflow (issue 1 of 2).

Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet.

Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. (

An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted Bzip2 document can lead to a stack-based buffer overflow causing an out-of-bounds write which under the right circumstance could potentially be leveraged by an attacker to gain arbitrary code execution.

Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.

Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive.

Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.