CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35235 – Cupsd Listen arbitrary chmod 0140777
https://notcve.org/view.php?id=CVE-2024-35235
11 Jun 2024 — OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given that cupsd is often running as root, this can result in the change of permission of any user or system files to be world writable. Given the afore... • http://www.openwall.com/lists/oss-security/2024/06/11/1 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-252: Unchecked Return Value CWE-277: Insecure Inherited Permissions •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 3CVE-2023-4504 – OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow
https://notcve.org/view.php?id=CVE-2023-4504
21 Sep 2023 — Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. Debido a un error al validar la longitud proporcionada por un documento PPD PostScript creado por un atacante, CUPS y libppd son susceptibles a un desbordamiento del búfer y posiblemente a la ejecución de código. Este problema se solucionó en... • https://github.com/OpenPrinting/cups/releases/tag/v2.4.7 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-32324 – OpenPrinting CUPS vulnerable to heap buffer overflow
https://notcve.org/view.php?id=CVE-2023-32324
01 Jun 2023 — OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of pub... • https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 0%CPEs: 24EXPL: 0CVE-2022-26691 – cups: authorization bypass when using "local" authorization
https://notcve.org/view.php?id=CVE-2022-26691
26 May 2022 — A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. Se abordó un problema de lógica con una administración de estados mejorada. Este problema es corregido en Security Update 2022-003 Catalina, macOS Monterey versión 12.3, macOS Big Sur versión 11.6.5. • https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444 • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-697: Incorrect Comparison •
CVSS: 3.3EPSS: 0%CPEs: 13EXPL: 0CVE-2021-25317 – cups: ownership of /var/log/cups allows the lp user to create files as root
https://notcve.org/view.php?id=CVE-2021-25317
05 May 2021 — A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar... • https://bugzilla.suse.com/show_bug.cgi?id=1184161 • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2012-6094
https://notcve.org/view.php?id=CVE-2012-6094
20 Dec 2019 — cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system La opción "Listen localhost:631" de cups (Common Unix Printing System) no acepto correctamente, que podría proporcionar acceso no autorizado al sistema. • http://www.openwall.com/lists/oss-security/2013/01/04/5 • CWE-863: Incorrect Authorization •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4300 – cups: Session cookie generated by the CUPS web interface is easy to guess
https://notcve.org/view.php?id=CVE-2018-4300
14 Aug 2018 — The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10. La cookie de sesión generada por la interfaz web de CUPS era fácil de adivinar en Linux, permitiendo un acceso de script no autorizado a la interfaz web cuando está deshabilitada. Este problema afectaba a las versiones anteriores a la v2.2.10. Attackers with local access can exploit secu... • http://www.securityfocus.com/bid/107785 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-330: Use of Insufficiently Random Values •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 2CVE-2017-18248 – Ubuntu Security Notice USN-3713-1
https://notcve.org/view.php?id=CVE-2017-18248
26 Mar 2018 — The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification. La función add_job en scheduler/ipp.c en CUPS, en versiones anteriores a la 2.2.6, cuando un soporte D-Bus está habilitado, podría experimentar un cierre inesperado llevado a cabo por atacantes remotos mediante el envío de tareas de impresión con un nombre de usuario no válido. Esto está relacionado co... • https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2017-18190 – cups: DNS rebinding attacks via incorrect whitelist
https://notcve.org/view.php?id=CVE-2017-18190
16 Feb 2018 — A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). Una entrada en la lista blanca localhost.localdomain en valid_host() en scheduler/client.c en CUPS, en v... • https://bugs.chromium.org/p/project-zero/issues/detail?id=1048 • CWE-284: Improper Access Control CWE-290: Authentication Bypass by Spoofing •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-8166
https://notcve.org/view.php?id=CVE-2014-8166
12 Jan 2018 — The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name. La característica de navegación en el servidor en CUPS no filtra secuencias de escape ANSI de nombres de impresora compartidos, lo que podría permitir que atacantes remotos ejecuten código arbitrario mediante un nombre de impresora manipulado. • http://www.openwall.com/lists/oss-security/2015/03/24/15 • CWE-20: Improper Input Validation •