Tagged With "CVEs"

Microsoft flags security holes in IoT devices published advisory of 25 documented vulnerabilities (common vulnerabilities and exposures of CVEs) affecting wide range of IoT devices (aka Internet of Things, which includes MFPs and printers) - named the group of CVEs “BadAlloc” - could exploit to bypass security controls in order to execute malicious code or cause a system to crash

Lexmark has released a security firmware update to fix a severe vulnerability that could enable remote code execution (RCE) on more than 100 printer models. The security issue is tracked as CVE-2023-23560 and, according to the company, it has a severity rating of 9.0. It is a server-side request forgery (SSRF) in the Web Services feature of Lexmark devices. No evidence of exploitation The vendor’s advisory says that the bug could be leveraged to gain arbitrary code execution on the device,...

Ricoh has another security vulnerability Research published by CVE bulletin Apparently an issue with the MP305 series that allows hackers to execute arbitrary code using SNMP

Ricoh announces another security issue Sent out a bulletin warning of "Apache ActiveMQ remote code execution vulnerability" (CVE-2023-46604) could allow a hacker to remotely access Ricoh products and execute arbitrary commands. affects certain products and services that Ricoh develops, manufactures, primarily whiteboards

Print spooling attack has been flagged by Microsoft Russian state-sponsored threat actors have been observed abusing an old printer vulnerability to drop custom malware on target endpoints. The malware helped them exfiltrate sensitive data and login credentials, a report from Microsoft Threat Intelligence has claimed. As per the report, since mid-2019, a group known as Fancy Bear has been abusing a print spooler elevation of privilege bug found in Windows printers. The vulnerability, tracked...