Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-r1q4-2dq2-33ca
SummaryOpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server accepts a page-border value supplied as textWithoutLanguage, preserves an embedded newline through option escaping and reparse, and then reparses the resulting second-line PPD: text as a trusted scheduler control record. A follow-up raw print job can therefore make the server execute an attacker-chosen existing binary such as /usr/bin/vim as lp. At time of publication, there are no publicly available patches.
Aliases
0
alias CVE-2026-34980
Fixed_packages
0
url pkg:deb/debian/cups@2.4.17-1?distro=trixie
purl pkg:deb/debian/cups@2.4.17-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1%3Fdistro=trixie
1
url pkg:deb/debian/cups@2.4.17-1
purl pkg:deb/debian/cups@2.4.17-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1
Affected_packages
0
url pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8
purl pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3etj-2m21-ffa1
1
vulnerability VCID-63fa-a4pr-wqh3
2
vulnerability VCID-993k-m3sq-gufu
3
vulnerability VCID-am36-6m5v-fkba
4
vulnerability VCID-b1yf-xuc1-ykak
5
vulnerability VCID-dx89-e1nn-w7gz
6
vulnerability VCID-hc4t-becn-rkcc
7
vulnerability VCID-jy1y-e1nk-p3b4
8
vulnerability VCID-r1q4-2dq2-33ca
9
vulnerability VCID-ry9y-z4e4-yfdh
10
vulnerability VCID-vgtp-sjtt-73e9
11
vulnerability VCID-wr17-e776-bqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8
1
url pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8?distro=trixie
purl pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63fa-a4pr-wqh3
1
vulnerability VCID-b1yf-xuc1-ykak
2
vulnerability VCID-dx89-e1nn-w7gz
3
vulnerability VCID-hc4t-becn-rkcc
4
vulnerability VCID-jy1y-e1nk-p3b4
5
vulnerability VCID-r1q4-2dq2-33ca
6
vulnerability VCID-ry9y-z4e4-yfdh
7
vulnerability VCID-vgtp-sjtt-73e9
8
vulnerability VCID-wr17-e776-bqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8%3Fdistro=trixie
2
url pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9?distro=trixie
purl pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63fa-a4pr-wqh3
1
vulnerability VCID-b1yf-xuc1-ykak
2
vulnerability VCID-dx89-e1nn-w7gz
3
vulnerability VCID-hc4t-becn-rkcc
4
vulnerability VCID-jy1y-e1nk-p3b4
5
vulnerability VCID-r1q4-2dq2-33ca
6
vulnerability VCID-ry9y-z4e4-yfdh
7
vulnerability VCID-vgtp-sjtt-73e9
8
vulnerability VCID-wr17-e776-bqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.2-3%252Bdeb12u9%3Fdistro=trixie
3
url pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9
purl pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63fa-a4pr-wqh3
1
vulnerability VCID-b1yf-xuc1-ykak
2
vulnerability VCID-dx89-e1nn-w7gz
3
vulnerability VCID-hc4t-becn-rkcc
4
vulnerability VCID-jy1y-e1nk-p3b4
5
vulnerability VCID-r1q4-2dq2-33ca
6
vulnerability VCID-ry9y-z4e4-yfdh
7
vulnerability VCID-vgtp-sjtt-73e9
8
vulnerability VCID-wr17-e776-bqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.2-3%252Bdeb12u9
4
url pkg:deb/debian/cups@2.4.10-3%2Bdeb13u2
purl pkg:deb/debian/cups@2.4.10-3%2Bdeb13u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63fa-a4pr-wqh3
1
vulnerability VCID-b1yf-xuc1-ykak
2
vulnerability VCID-dx89-e1nn-w7gz
3
vulnerability VCID-hc4t-becn-rkcc
4
vulnerability VCID-jy1y-e1nk-p3b4
5
vulnerability VCID-r1q4-2dq2-33ca
6
vulnerability VCID-ry9y-z4e4-yfdh
7
vulnerability VCID-vgtp-sjtt-73e9
8
vulnerability VCID-wr17-e776-bqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.10-3%252Bdeb13u2
5
url pkg:deb/debian/cups@2.4.10-3%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/cups@2.4.10-3%2Bdeb13u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63fa-a4pr-wqh3
1
vulnerability VCID-b1yf-xuc1-ykak
2
vulnerability VCID-dx89-e1nn-w7gz
3
vulnerability VCID-hc4t-becn-rkcc
4
vulnerability VCID-jy1y-e1nk-p3b4
5
vulnerability VCID-r1q4-2dq2-33ca
6
vulnerability VCID-ry9y-z4e4-yfdh
7
vulnerability VCID-vgtp-sjtt-73e9
8
vulnerability VCID-wr17-e776-bqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.10-3%252Bdeb13u2%3Fdistro=trixie
6
url pkg:deb/debian/cups@2.4.16-1?distro=trixie
purl pkg:deb/debian/cups@2.4.16-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63fa-a4pr-wqh3
1
vulnerability VCID-b1yf-xuc1-ykak
2
vulnerability VCID-dx89-e1nn-w7gz
3
vulnerability VCID-hc4t-becn-rkcc
4
vulnerability VCID-r1q4-2dq2-33ca
5
vulnerability VCID-ry9y-z4e4-yfdh
6
vulnerability VCID-vgtp-sjtt-73e9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.16-1%3Fdistro=trixie
7
url pkg:deb/debian/cups@2.4.16-1
purl pkg:deb/debian/cups@2.4.16-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63fa-a4pr-wqh3
1
vulnerability VCID-b1yf-xuc1-ykak
2
vulnerability VCID-dx89-e1nn-w7gz
3
vulnerability VCID-hc4t-becn-rkcc
4
vulnerability VCID-r1q4-2dq2-33ca
5
vulnerability VCID-ry9y-z4e4-yfdh
6
vulnerability VCID-vgtp-sjtt-73e9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.16-1
8
url pkg:rpm/redhat/cups-main@2.4.17-1?arch=hum1
purl pkg:rpm/redhat/cups-main@2.4.17-1?arch=hum1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3etj-2m21-ffa1
1
vulnerability VCID-63fa-a4pr-wqh3
2
vulnerability VCID-6qd1-jvb8-jqak
3
vulnerability VCID-7xq5-z572-xub3
4
vulnerability VCID-993k-m3sq-gufu
5
vulnerability VCID-b1yf-xuc1-ykak
6
vulnerability VCID-dx89-e1nn-w7gz
7
vulnerability VCID-hc4t-becn-rkcc
8
vulnerability VCID-r1q4-2dq2-33ca
9
vulnerability VCID-ry9y-z4e4-yfdh
10
vulnerability VCID-vgtp-sjtt-73e9
11
vulnerability VCID-wr17-e776-bqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cups-main@2.4.17-1%3Farch=hum1
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34980.json
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34980.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34980
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08209
published_at 2026-04-18T12:55:00Z
1
value 0.00038
scoring_system epss
scoring_elements 0.1141
published_at 2026-04-07T12:55:00Z
2
value 0.00038
scoring_system epss
scoring_elements 0.11495
published_at 2026-04-08T12:55:00Z
3
value 0.00038
scoring_system epss
scoring_elements 0.1162
published_at 2026-04-04T12:55:00Z
4
value 0.00041
scoring_system epss
scoring_elements 0.12291
published_at 2026-04-16T12:55:00Z
5
value 0.00041
scoring_system epss
scoring_elements 0.12462
published_at 2026-04-09T12:55:00Z
6
value 0.00041
scoring_system epss
scoring_elements 0.12469
published_at 2026-04-11T12:55:00Z
7
value 0.00041
scoring_system epss
scoring_elements 0.12431
published_at 2026-04-12T12:55:00Z
8
value 0.00041
scoring_system epss
scoring_elements 0.12391
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34980
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34980
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34980
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
reference_id 1132716
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454954
reference_id 2454954
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454954
6
reference_url https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf
reference_id GHSA-4852-v58g-6cwf
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T13:12:31Z/
url https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf
7
reference_url https://access.redhat.com/errata/RHSA-2026:8814
reference_id RHSA-2026:8814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8814
Weaknesses
0
cwe_id 78
name Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
1
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Exploits
Severity_range_score6.1 - 6.4
Exploitability0.5
Weighted_severity5.8
Risk_score2.9
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-r1q4-2dq2-33ca