Vulnerabilidades em Toshiba Tec Corporation
69 resultadosCVE-2024-27142MEDIUMPre-authenticated XXE injectionEPSS 0.9%CVE-2024-33616MEDIUMAdmin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. SharpEPSS 0.9%CVE-2024-29146MEDIUMUser passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump fiEPSS 0.9%CVE-2024-27175MEDIUMLocal File InclusionEPSS 0.9%CVE-2024-34162MEDIUMThe web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP autheEPSS 0.8%CVE-2024-3497HIGHDirectory Traversal Remote Code Execution VulnerabilityEPSS 0.7%CVE-2024-42420HIGHSharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improEPSS 0.7%CVE-2024-43424HIGHSharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability.
Crafted HTTP requestsEPSS 0.7%CVE-2024-3496HIGHAuthentication Bypass VulnerabilityEPSS 0.7%CVE-2024-36254HIGHOut-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lEPSS 0.7%CVE-2024-45829MEDIUMSharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP requests are improperly processed and resulEPSS 0.7%CVE-2024-47406CRITICALSharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability.EPSS 0.6%CVE-2024-45842MEDIUMSharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability.
Unintended internaEPSS 0.5%CVE-2024-36249HIGHCross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this EPSS 0.5%CVE-2024-27171HIGHInsecure permissionsEPSS 0.5%CVE-2024-47005HIGHSharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficientEPSS 0.5%CVE-2024-27157MEDIUMLeak of authentication sessions in secure logsEPSS 0.4%CVE-2024-27156MEDIUMLeak of authentication sessions in secure logsEPSS 0.4%CVE-2024-27163MEDIUMLeak of admin password and passwordsEPSS 0.4%CVE-2024-27155HIGHLocal Privilege Escalation and Remote Code Execution using insecure permissionsEPSS 0.4%