CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-35235 – Cupsd Listen arbitrary chmod 0140777
https://notcve.org/view.php?id=CVE-2024-35235
11 Jun 2024 — OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given that cupsd is often running as root, this can result in the change of permission of any user or system files to be world writable. Given the afore... • http://www.openwall.com/lists/oss-security/2024/06/11/1 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-252: Unchecked Return Value CWE-277: Insecure Inherited Permissions •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 3CVE-2023-4504 – OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow
https://notcve.org/view.php?id=CVE-2023-4504
21 Sep 2023 — Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. Debido a un error al validar la longitud proporcionada por un documento PPD PostScript creado por un atacante, CUPS y libppd son susceptibles a un desbordamiento del búfer y posiblemente a la ejecución de código. Este problema se solucionó en... • https://github.com/OpenPrinting/cups/releases/tag/v2.4.7 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-32324 – OpenPrinting CUPS vulnerable to heap buffer overflow
https://notcve.org/view.php?id=CVE-2023-32324
01 Jun 2023 — OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of pub... • https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 0%CPEs: 24EXPL: 0CVE-2022-26691 – cups: authorization bypass when using "local" authorization
https://notcve.org/view.php?id=CVE-2022-26691
26 May 2022 — A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. Se abordó un problema de lógica con una administración de estados mejorada. Este problema es corregido en Security Update 2022-003 Catalina, macOS Monterey versión 12.3, macOS Big Sur versión 11.6.5. • https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444 • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-697: Incorrect Comparison •
CVSS: 3.3EPSS: 0%CPEs: 13EXPL: 0CVE-2021-25317 – cups: ownership of /var/log/cups allows the lp user to create files as root
https://notcve.org/view.php?id=CVE-2021-25317
05 May 2021 — A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar... • https://bugzilla.suse.com/show_bug.cgi?id=1184161 • CWE-276: Incorrect Default Permissions •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4300 – cups: Session cookie generated by the CUPS web interface is easy to guess
https://notcve.org/view.php?id=CVE-2018-4300
14 Aug 2018 — The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10. La cookie de sesión generada por la interfaz web de CUPS era fácil de adivinar en Linux, permitiendo un acceso de script no autorizado a la interfaz web cuando está deshabilitada. Este problema afectaba a las versiones anteriores a la v2.2.10. Attackers with local access can exploit secu... • http://www.securityfocus.com/bid/107785 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-330: Use of Insufficiently Random Values •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 2CVE-2017-18248 – Ubuntu Security Notice USN-3713-1
https://notcve.org/view.php?id=CVE-2017-18248
26 Mar 2018 — The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification. La función add_job en scheduler/ipp.c en CUPS, en versiones anteriores a la 2.2.6, cuando un soporte D-Bus está habilitado, podría experimentar un cierre inesperado llevado a cabo por atacantes remotos mediante el envío de tareas de impresión con un nombre de usuario no válido. Esto está relacionado co... • https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2017-18190 – cups: DNS rebinding attacks via incorrect whitelist
https://notcve.org/view.php?id=CVE-2017-18190
16 Feb 2018 — A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). Una entrada en la lista blanca localhost.localdomain en valid_host() en scheduler/client.c en CUPS, en v... • https://bugs.chromium.org/p/project-zero/issues/detail?id=1048 • CWE-284: Improper Access Control CWE-290: Authentication Bypass by Spoofing •
CVSS: 10.0EPSS: 81%CPEs: 1EXPL: 4CVE-2015-1158 – CUPS < 2.0.3 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2015-1158
10 Jun 2015 — The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code. La función add_job en scheduler/ipp.c en cupsd en CUPS anterior a 2.0.3 realiza incorrectamente las opera... • https://packetstorm.news/files/id/140920 • CWE-254: 7PK - Security Features •
CVSS: 9.8EPSS: 63%CPEs: 1EXPL: 2CVE-2015-1159 – cups: cross-site scripting flaw in CUPS web UI (VU#810572)
https://notcve.org/view.php?id=CVE-2015-1159
10 Jun 2015 — Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/. Vulnerabilidad de XSS en la función cgi_puts en cgi-bin/template.c en el motor de plantillas en CUPS anterior a 2.0.3 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través del parámetro QUERY en help/. A cross-site scripting flaw was found in th... • https://packetstorm.news/files/id/132389 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •