Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1072985?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1072985?format=api", "purl": "pkg:rpm/redhat/cups-main@2.4.17-1?arch=hum1", "type": "rpm", "namespace": "redhat", "name": "cups-main", "version": "2.4.17-1", "qualifiers": { "arch": "hum1" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68013?format=api", "vulnerability_id": "VCID-3etj-2m21-ffa1", "summary": "cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58364.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58364.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58364", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.2918", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.30003", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29955", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31552", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32402", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32388", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32436", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32463", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32467", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32429", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32439", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32683", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32781", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32668", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32735", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32774", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32708", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32786", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32875", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32857", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58364" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58364", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58364" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393078", "reference_id": "2393078", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393078" }, { "reference_url": "https://github.com/OpenPrinting/cups/commit/e58cba9d6fceed4242980e51dbd1302cf638ab1d", "reference_id": "e58cba9d6fceed4242980e51dbd1302cf638ab1d", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T17:37:26Z/" } ], "url": "https://github.com/OpenPrinting/cups/commit/e58cba9d6fceed4242980e51dbd1302cf638ab1d" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4", "reference_id": "GHSA-7qx3-r744-6qv4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T17:37:26Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15700", "reference_id": "RHSA-2025:15700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15701", "reference_id": "RHSA-2025:15701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16590", "reference_id": "RHSA-2025:16590", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16590" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16591", "reference_id": "RHSA-2025:16591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16592", "reference_id": "RHSA-2025:16592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22063", "reference_id": "RHSA-2025:22063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" }, { "reference_url": "https://usn.ubuntu.com/7745-1/", "reference_id": "USN-7745-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7745-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2025-58364" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3etj-2m21-ffa1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349655?format=api", "vulnerability_id": "VCID-63fa-a4pr-wqh3", "summary": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri (e.g., rss:///../job.cache), letting a remote IPP client write RSS XML bytes outside CacheDir/rss (anywhere that is lp-writable). In particular, because CacheDir is group-writable by default (typically root:lp and mode 0770), the notifier (running as lp) can replace root-managed state files via temp-file + rename(). This PoC clobbers CacheDir/job.cache with RSS XML, and after restarting cupsd the scheduler fails to parse the job cache and previously queued jobs disappear. At time of publication, there are no publicly available patches.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34978.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34978.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34978", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18102", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18019", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18317", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22859", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22822", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22765", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.2278", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22733", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22531", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22692", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.2252", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22522", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22838", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24042", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23991", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23935", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23953", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2384", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23922", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34978" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34978", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34978" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716", "reference_id": "1132716", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454957", "reference_id": "2454957", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454957" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr", "reference_id": "GHSA-f53q-7mxp-9gcr", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:39:23Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" } ], "fixed_packages": [], "aliases": [ "CVE-2026-34978" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-63fa-a4pr-wqh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66476?format=api", "vulnerability_id": "VCID-6qd1-jvb8-jqak", "summary": "cups: cups-filters: cups-filters: Out-of-bounds write via crafted PDF MediaBox", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64503.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64503.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64503", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06713", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06652", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06564", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06637", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06645", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06556", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09803", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09658", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09625", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09582", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09495", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09656", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09726", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09704", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09737", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14874", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14849", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14926", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14728", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14819", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64503" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120697", "reference_id": "1120697", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120697" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120698", "reference_id": "1120698", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120698" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414705", "reference_id": "2414705", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414705" }, { "reference_url": "https://github.com/OpenPrinting/cups-filters/commit/50d94ca0f2fa6177613c97c59791bde568631865", "reference_id": "50d94ca0f2fa6177613c97c59791bde568631865", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:56:00Z/" } ], "url": "https://github.com/OpenPrinting/cups-filters/commit/50d94ca0f2fa6177613c97c59791bde568631865" }, { "reference_url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-893j-2wr2-wrh9", "reference_id": "GHSA-893j-2wr2-wrh9", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:56:00Z/" } ], "url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-893j-2wr2-wrh9" }, { "reference_url": "https://github.com/OpenPrinting/cups-filters/blob/aea8d0db017e495b0204433ebdb0e86b4871094c/filter/pdftoraster.cxx#L1620", "reference_id": "pdftoraster.cxx#L1620", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:56:00Z/" } ], "url": "https://github.com/OpenPrinting/cups-filters/blob/aea8d0db017e495b0204433ebdb0e86b4871094c/filter/pdftoraster.cxx#L1620" }, { "reference_url": "https://github.com/OpenPrinting/libcupsfilters/blob/1dd86d835b27ed149b66aee1a4853d1db8a1f44c/cupsfilters/pdftoraster.cxx#L1790", "reference_id": "pdftoraster.cxx#L1790", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:56:00Z/" } ], "url": "https://github.com/OpenPrinting/libcupsfilters/blob/1dd86d835b27ed149b66aee1a4853d1db8a1f44c/cupsfilters/pdftoraster.cxx#L1790" }, { "reference_url": "https://github.com/OpenPrinting/cups-filters/blob/aea8d0db017e495b0204433ebdb0e86b4871094c/filter/pdftoraster.cxx#L1880", "reference_id": "pdftoraster.cxx#L1880", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:56:00Z/" } ], "url": "https://github.com/OpenPrinting/cups-filters/blob/aea8d0db017e495b0204433ebdb0e86b4871094c/filter/pdftoraster.cxx#L1880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" }, { "reference_url": "https://usn.ubuntu.com/7877-1/", "reference_id": "USN-7877-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7877-1/" }, { "reference_url": "https://usn.ubuntu.com/7878-1/", "reference_id": "USN-7878-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7878-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2025-64503" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6qd1-jvb8-jqak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66479?format=api", "vulnerability_id": "VCID-7xq5-z572-xub3", "summary": "cups: CUPS-Filters: Information disclosure and data corruption via crafted TIFF image file processing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57812.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57812.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-57812", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04222", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04165", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04094", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04123", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04148", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04102", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06655", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0636", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06387", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.064", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06417", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0654", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06607", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06619", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06631", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15589", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15579", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15646", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15447", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15534", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-57812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57812" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120703", "reference_id": "1120703", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120703" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120704", "reference_id": "1120704", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120704" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414632", "reference_id": "2414632", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414632" }, { "reference_url": "https://github.com/OpenPrinting/libcupsfilters/commit/b69dfacec7f176281782e2f7ac44f04bf9633cfa", "reference_id": "b69dfacec7f176281782e2f7ac44f04bf9633cfa", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-12T20:46:48Z/" } ], "url": "https://github.com/OpenPrinting/libcupsfilters/commit/b69dfacec7f176281782e2f7ac44f04bf9633cfa" }, { "reference_url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-jpxg-qc2c-hgv4", "reference_id": "GHSA-jpxg-qc2c-hgv4", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-12T20:46:48Z/" } ], "url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-jpxg-qc2c-hgv4" }, { "reference_url": "https://github.com/OpenPrinting/libcupsfilters/blob/33421982e10f6a14bc0bab03b80c9cf4660e8d7d/cupsfilters/image-tiff.c#L32", "reference_id": "image-tiff.c#L32", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-12T20:46:48Z/" } ], "url": "https://github.com/OpenPrinting/libcupsfilters/blob/33421982e10f6a14bc0bab03b80c9cf4660e8d7d/cupsfilters/image-tiff.c#L32" }, { "reference_url": "https://github.com/OpenPrinting/cups-filters/blob/3c58463e341b12c9d30d7d3807d2bac1bc595a78/cupsfilters/image-tiff.c#L34", "reference_id": "image-tiff.c#L34", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-12T20:46:48Z/" } ], "url": "https://github.com/OpenPrinting/cups-filters/blob/3c58463e341b12c9d30d7d3807d2bac1bc595a78/cupsfilters/image-tiff.c#L34" }, { "reference_url": "https://github.com/OpenPrinting/cups-filters/blob/3c58463e341b12c9d30d7d3807d2bac1bc595a78/filter/imagetoraster.c#L613", "reference_id": "imagetoraster.c#L613", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-12T20:46:48Z/" } ], "url": "https://github.com/OpenPrinting/cups-filters/blob/3c58463e341b12c9d30d7d3807d2bac1bc595a78/filter/imagetoraster.c#L613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" }, { "reference_url": "https://usn.ubuntu.com/7877-1/", "reference_id": "USN-7877-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7877-1/" }, { "reference_url": "https://usn.ubuntu.com/7878-1/", "reference_id": "USN-7878-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7878-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2025-57812" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7xq5-z572-xub3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68012?format=api", "vulnerability_id": "VCID-993k-m3sq-gufu", "summary": "cups: Authentication Bypass in CUPS Authorization Handling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58060.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58060.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58060", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15471", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15401", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16442", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16147", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16263", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.1637", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16335", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16368", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16411", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16496", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16551", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16532", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16494", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16436", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16376", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16395", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16433", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16325", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16323", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16279", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58060" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58060", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58060" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392595", "reference_id": "2392595", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392595" }, { "reference_url": "https://github.com/OpenPrinting/cups/commit/595d691075b1d396d2edfaa0a8fd0873a0a1f221", "reference_id": "595d691075b1d396d2edfaa0a8fd0873a0a1f221", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-11T17:33:32Z/" } ], "url": "https://github.com/OpenPrinting/cups/commit/595d691075b1d396d2edfaa0a8fd0873a0a1f221" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq", "reference_id": "GHSA-4c68-qgrh-rmmq", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-11T17:33:32Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15700", "reference_id": "RHSA-2025:15700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15701", "reference_id": "RHSA-2025:15701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15702", "reference_id": "RHSA-2025:15702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16590", "reference_id": "RHSA-2025:16590", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16590" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16591", "reference_id": "RHSA-2025:16591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16592", "reference_id": "RHSA-2025:16592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17049", "reference_id": "RHSA-2025:17049", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17049" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17054", "reference_id": "RHSA-2025:17054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17141", "reference_id": "RHSA-2025:17141", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17144", "reference_id": "RHSA-2025:17144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17164", "reference_id": "RHSA-2025:17164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0934", "reference_id": "RHSA-2026:0934", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0934" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" }, { "reference_url": "https://usn.ubuntu.com/7745-1/", "reference_id": "USN-7745-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7745-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2025-58060" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-993k-m3sq-gufu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350476?format=api", "vulnerability_id": "VCID-b1yf-xuc1-ykak", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39314.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39314.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39314", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02187", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02209", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02186", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02171", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03689", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03739", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03692", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03695", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03717", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03555", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03682", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04582", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04205", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04174", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04573", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04574", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04575", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39314" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133184", "reference_id": "1133184", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133184" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456107", "reference_id": "2456107", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" } ], "fixed_packages": [], "aliases": [ "CVE-2026-39314" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b1yf-xuc1-ykak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350477?format=api", "vulnerability_id": "VCID-dx89-e1nn-w7gz", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39316.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39316.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39316", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03159", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03185", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03059", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03038", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03144", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03118", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03075", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0303", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02925", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03041", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03043", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03836", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03796", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03801", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05266", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05318", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39316" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133183", "reference_id": "1133183", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456120", "reference_id": "2456120", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456120" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-pjv5-prqp-46rg", "reference_id": "GHSA-pjv5-prqp-46rg", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:41:44Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-pjv5-prqp-46rg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" } ], "fixed_packages": [], "aliases": [ "CVE-2026-39316" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dx89-e1nn-w7gz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349656?format=api", "vulnerability_id": "VCID-hc4t-becn-rkcc", "summary": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly available patches.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34979.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34979.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34979", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11845", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11719", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11635", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15919", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15958", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15851", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15775", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15979", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16232", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16081", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1612", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16195", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16123", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17672", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17495", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17592", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17555", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17403", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34979" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34979", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34979" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716", "reference_id": "1132716", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454946", "reference_id": "2454946", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454946" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-6qxf-7jx6-86fh", "reference_id": "GHSA-6qxf-7jx6-86fh", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:19:03Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-6qxf-7jx6-86fh" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" } ], "fixed_packages": [], "aliases": [ "CVE-2026-34979" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hc4t-becn-rkcc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349657?format=api", "vulnerability_id": "VCID-r1q4-2dq2-33ca", "summary": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server accepts a page-border value supplied as textWithoutLanguage, preserves an embedded newline through option escaping and reparse, and then reparses the resulting second-line PPD: text as a trusted scheduler control record. A follow-up raw print job can therefore make the server execute an attacker-chosen existing binary such as /usr/bin/vim as lp. At time of publication, there are no publicly available patches.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34980.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34980.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34980", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04853", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05391", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06427", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06451", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06467", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06438", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06241", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06354", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06292", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06318", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08209", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.1162", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11495", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.1141", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12291", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12462", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12469", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12431", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12391", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34980" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34980", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34980" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716", "reference_id": "1132716", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454954", "reference_id": "2454954", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454954" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf", "reference_id": "GHSA-4852-v58g-6cwf", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T13:12:31Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" } ], "fixed_packages": [], "aliases": [ "CVE-2026-34980" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r1q4-2dq2-33ca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349658?format=api", "vulnerability_id": "VCID-ry9y-z4e4-yfdh", "summary": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That token is enough to drive /admin/ requests on localhost, and the attacker can combine CUPS-Create-Local-Printer with printer-is-shared=true to persist a file:///... queue even though the normal FileDevice policy rejects such URIs. Printing to that queue gives an arbitrary root file overwrite; the PoC below uses that primitive to drop a sudoers fragment and demonstrate root command execution. At time of publication, there are no publicly available patches.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34990.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34990.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34990", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01328", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01448", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01453", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01705", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01678", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01682", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01672", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02044", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02026", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02012", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02008", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01927", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01986", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02516", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02453", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02492", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02489", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02493", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02438", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34990" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716", "reference_id": "1132716", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454947", "reference_id": "2454947", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454947" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp", "reference_id": "GHSA-c54j-2vqw-wpwp", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-06T18:51:42Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" } ], "fixed_packages": [], "aliases": [ "CVE-2026-34990" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ry9y-z4e4-yfdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349638?format=api", "vulnerability_id": "VCID-vgtp-sjtt-73e9", "summary": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27447.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27447.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01562", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01848", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01803", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01808", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02723", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02639", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02657", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02695", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02696", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02697", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08917", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08908", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08839", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09632", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09793", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09776", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0966", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09815", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09824", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27447" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716", "reference_id": "1132716", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454949", "reference_id": "2454949", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454949" }, { "reference_url": "https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220", "reference_id": "88516bf6d9e34cef7a64a704b856b837f70cd220", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T18:49:46Z/" } ], "url": "https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9", "reference_id": "GHSA-v987-m8hp-phj9", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T18:49:46Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" } ], "fixed_packages": [], "aliases": [ "CVE-2026-27447" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vgtp-sjtt-73e9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66418?format=api", "vulnerability_id": "VCID-wr17-e776-bqh1", "summary": "cups: Slow client communication leads to a possible DoS attack", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58436.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58436.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58436", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05319", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05361", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05317", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05582", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08291", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08213", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08144", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0813", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08295", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08274", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08227", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0821", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08236", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08266", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08216", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08281", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08299", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0829", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0827", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08252", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58436", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58436" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416040", "reference_id": "2416040", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416040" }, { "reference_url": "https://github.com/OpenPrinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4", "reference_id": "40008d76a001babbb9beb9d9d74b01a86fb6ddb4", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:23:36Z/" } ], "url": "https://github.com/OpenPrinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-8wpw-vfgm-qrrr", "reference_id": "GHSA-8wpw-vfgm-qrrr", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:23:36Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-8wpw-vfgm-qrrr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0312", "reference_id": "RHSA-2026:0312", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0312" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0464", "reference_id": "RHSA-2026:0464", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0464" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0596", "reference_id": "RHSA-2026:0596", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0596" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" }, { "reference_url": "https://usn.ubuntu.com/7912-1/", "reference_id": "USN-7912-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7912-1/" }, { "reference_url": "https://usn.ubuntu.com/7912-2/", "reference_id": "USN-7912-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7912-2/" }, { "reference_url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.15", "reference_id": "v2.4.15", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:23:36Z/" } ], "url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.15" } ], "fixed_packages": [], "aliases": [ "CVE-2025-58436" ], "risk_score": 2.3, "exploitability": "0.5", "weighted_severity": "4.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wr17-e776-bqh1" } ], "fixing_vulnerabilities": [], "risk_score": "3.6", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cups-main@2.4.17-1%3Farch=hum1" }