Filtered by vendor Ricoh
Subscriptions
Total
43 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43969 | 1 Ricoh | 154 Im 2500, Im 2500 Firmware, Im 2702 and 151 more | 2023-08-08 | 9.1 Critical |
| Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials. | ||||
| CVE-2023-30759 | 1 Ricoh | 1 Printer Driver Packager Nx | 2023-06-27 | 7.8 High |
| The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege. | ||||
| CVE-2019-19363 | 1 Ricoh | 8 Generic Pcl5 Driver, Pc Fax Generic Driver, Pcl6 \(pcl Xl\) Driver and 5 more | 2023-02-10 | 7.8 High |
| An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version | ||||
| CVE-2019-14304 | 1 Ricoh | 104 M 2700, M 2700 Firmware, M 2701 and 101 more | 2023-02-01 | 8.8 High |
| Ricoh SP C250DN 1.06 devices allow CSRF. | ||||
| CVE-2019-14301 | 1 Ricoh | 104 M 2700, M 2700 Firmware, M 2701 and 101 more | 2023-02-01 | 7.5 High |
| Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2). | ||||
| CVE-2019-14302 | 1 Ricoh | 121 M 2700, M 2700 Firmware, M 2701 and 118 more | 2023-02-01 | 6.8 Medium |
| On Ricoh SP C250DN 1.06 devices, a debug port can be used. | ||||
| CVE-2019-14306 | 1 Ricoh | 96 M 2700, M 2700 Firmware, M 2701 and 93 more | 2023-01-31 | 7.5 High |
| Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of 2). | ||||
| CVE-2022-37406 | 1 Ricoh | 2 Aficio Sp 4210n, Aficio Sp 4210n Firmware | 2022-12-08 | 4.8 Medium |
| Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | ||||
| CVE-2015-6750 | 1 Ricoh | 1 Dl-1 Sr10 | 2022-10-03 | N/A |
| Buffer overflow in Ricoh DL FTP Server 1.1.0.6 and earlier allows remote attackers to execute arbitrary code via a long USER command. | ||||
| CVE-2022-36403 | 1 Ricoh | 1 Device Software Manager | 2022-09-15 | 7.8 High |
| Untrusted search path vulnerability in the installer of Device Software Manager prior to Ver.2.20.3.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2021-33945 | 1 Ricoh | 132 Aficio Sp 3500sf, Aficio Sp 3500sf Firmware, M 2700 and 129 more | 2022-05-11 | 9.8 Critical |
| RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN, SP 325SNw, SP 325SFNw, SP 330SN, Aficio SP 3500SF, SP 221S, SP 220SNw, SP 221SNw, SP 221SF, SP 220SFNw, SP 221SFNw v1.06 were discovered to contain a stack buffer overflow in the file /etc/wpa_supplicant.conf. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. | ||||
| CVE-2019-20001 | 1 Ricoh | 2 Streamline Nx Client Tool, Streamline Nx Pc Client | 2021-07-21 | 7.8 High |
| An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges. | ||||
| CVE-2019-14303 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2020-08-24 | 7.5 High |
| Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). Some Ricoh printers were affected by a wrong LPD service implementation that lead to a denial of service vulnerability. | ||||
| CVE-2018-15884 | 1 Ricoh | 2 Mp C4504ex, Mp C4504ex Firmware | 2020-08-24 | N/A |
| RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. | ||||
| CVE-2019-11845 | 1 Ricoh | 2 Sp 4510dn, Sp 4510dn Firmware | 2020-08-24 | N/A |
| An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. | ||||
| CVE-2019-11844 | 1 Ricoh | 2 Sp 4520dn, Sp 4520dn Firmware | 2020-08-24 | N/A |
| An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter. | ||||
| CVE-2019-14299 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2020-08-24 | 9.8 Critical |
| Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force. | ||||
| CVE-2019-14310 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2020-08-24 | 9.8 Critical |
| Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified in the way of how the embedded device parsed the IPP packets | ||||
| CVE-2019-14309 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2020-03-18 | 7.5 High |
| Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credential were found to be hardcoded within the printer firmware. This would allow to an attacker to access and read information stored on the shared FTP folders. | ||||
| CVE-2019-7751 | 1 Ricoh | 1 Fusionpro Vdp | 2020-01-14 | 7.5 High |
| A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list or enumerate sensitive contents of files. Furthermore, this could allow for privilege escalation by dumping the local machine's SAM and SYSTEM database files, and possibly remote code execution. | ||||