Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Altalink_c8035_firmware
(Xerox)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 9 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-03-04 | CVE-2019-18630 | On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure. | Altalink_b8045_firmware, Altalink_b8055_firmware, Altalink_b8065_firmware, Altalink_b8075_firmware, Altalink_b8090_firmware, Altalink_c8030_firmware, Altalink_c8035_firmware, Altalink_c8045_firmware, Altalink_c8055_firmware, Altalink_c8070_firmware | 7.5 | ||
| 2021-04-13 | CVE-2019-10881 | Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled. | Altalink_b8045_firmware, Altalink_b8055_firmware, Altalink_b8065_firmware, Altalink_b8075_firmware, Altalink_b8090_firmware, Altalink_c8030_firmware, Altalink_c8035_firmware, Altalink_c8045_firmware, Altalink_c8055_firmware, Altalink_c8070_firmware | 9.8 | ||
| 2021-03-29 | CVE-2021-28670 | Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk. | Altalink_b8045_firmware, Altalink_b8055_firmware, Altalink_b8065_firmware, Altalink_b8075_firmware, Altalink_b8090_firmware, Altalink_c8030_firmware, Altalink_c8035_firmware, Altalink_c8045_firmware, Altalink_c8055_firmware, Altalink_c8070_firmware | 9.1 | ||
| 2021-03-29 | CVE-2021-28669 | Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights. | Altalink_b8045_firmware, Altalink_b8055_firmware, Altalink_b8065_firmware, Altalink_b8075_firmware, Altalink_b8090_firmware, Altalink_c8030_firmware, Altalink_c8035_firmware, Altalink_c8045_firmware, Altalink_c8055_firmware, Altalink_c8070_firmware | 7.5 | ||
| 2021-03-29 | CVE-2021-28668 | Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities. | Altalink_b8045_firmware, Altalink_b8055_firmware, Altalink_b8065_firmware, Altalink_b8075_firmware, Altalink_b8090_firmware, Altalink_c8030_firmware, Altalink_c8035_firmware, Altalink_c8045_firmware, Altalink_c8055_firmware, Altalink_c8070_firmware | 9.8 | ||
| 2021-03-04 | CVE-2019-18629 | Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key. | Altalink_b8045_firmware, Altalink_b8055_firmware, Altalink_b8065_firmware, Altalink_b8075_firmware, Altalink_b8090_firmware, Altalink_c8030_firmware, Altalink_c8035_firmware, Altalink_c8045_firmware, Altalink_c8055_firmware, Altalink_c8070_firmware | 8.1 | ||
| 2021-03-04 | CVE-2019-18628 | Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure. | Altalink_b8045_firmware, Altalink_b8055_firmware, Altalink_b8065_firmware, Altalink_b8075_firmware, Altalink_b8090_firmware, Altalink_c8030_firmware, Altalink_c8035_firmware, Altalink_c8045_firmware, Altalink_c8055_firmware, Altalink_c8070_firmware | 4.9 | ||
| 2019-12-18 | CVE-2019-19832 | Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.) | Altalink_c8035_firmware | N/A | ||
| 2019-01-03 | CVE-2018-17172 | The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection. | Altalink_b8045_firmware, Altalink_b8055_firmware, Altalink_b8065_firmware, Altalink_b8075_firmware, Altalink_b8090_firmware, Altalink_c8030_firmware, Altalink_c8035_firmware, Altalink_c8045_firmware, Altalink_c8055_firmware, Altalink_c8070_firmware | 9.8 |