toshiba tec corporation

Top products

The 15 most recently published vulnerabilities affecting toshiba tec corporation.

• CVE-2025-49797Multiple Brother driver installers for Windows contain a privilege escalation vulnerability. If exploited, an arbitrary program may be executed with the administrative privilege. As for the details...7.8Jun 25, 2025
• CVE-2024-36254Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition.7.5Nov 26, 2024
• CVE-2024-36251The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed ...7.5Nov 26, 2024
• CVE-2024-36249Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be ex...7.4Nov 26, 2024
• CVE-2024-36248API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective v...9.1Nov 26, 2024
• CVE-2024-35244There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re...9.1Nov 26, 2024
• CVE-2024-34162The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the device communicates with the L...5.3Nov 26, 2024
• CVE-2024-33616Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on ...5.3Nov 26, 2024
• CVE-2024-33610"sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session information including session cookies, and "sys_trayent...9.1Nov 26, 2024
• CVE-2024-33605Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to th...7.5Nov 26, 2024
• CVE-2024-32151User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model n...5.9Nov 26, 2024
• CVE-2024-29978User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model n...5.9Nov 26, 2024
• CVE-2024-29146User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model n...5.9Nov 26, 2024
• CVE-2024-28955Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As f...5.9Nov 26, 2024
• CVE-2024-28038The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results...9.0Nov 26, 2024