Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/584493?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/584493?format=api", "purl": "pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8", "type": "deb", "namespace": "debian", "name": "cups", "version": "2.3.3op2-3+deb11u8", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.18-1", "latest_non_vulnerable_version": "2.4.18-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68013?format=api", "vulnerability_id": "VCID-3etj-2m21-ffa1", "summary": "cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58364.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58364.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58364", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.2918", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.30003", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29955", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31552", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32467", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32388", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32436", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32463", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32429", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32402", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32439", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32668", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32735", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32857", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32875", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32781", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58364" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58364", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58364" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393078", "reference_id": "2393078", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393078" }, { "reference_url": "https://github.com/OpenPrinting/cups/commit/e58cba9d6fceed4242980e51dbd1302cf638ab1d", "reference_id": "e58cba9d6fceed4242980e51dbd1302cf638ab1d", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T17:37:26Z/" } ], "url": "https://github.com/OpenPrinting/cups/commit/e58cba9d6fceed4242980e51dbd1302cf638ab1d" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4", "reference_id": "GHSA-7qx3-r744-6qv4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T17:37:26Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15700", "reference_id": "RHSA-2025:15700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15701", "reference_id": "RHSA-2025:15701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16590", "reference_id": "RHSA-2025:16590", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16590" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16591", "reference_id": "RHSA-2025:16591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16592", "reference_id": "RHSA-2025:16592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22063", "reference_id": "RHSA-2025:22063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" }, { "reference_url": "https://usn.ubuntu.com/7745-1/", "reference_id": "USN-7745-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7745-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584494?format=api", "purl": "pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-jy1y-e1nk-p3b4" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" }, { "vulnerability": "VCID-wr17-e776-bqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.2-3%252Bdeb12u9" } ], "aliases": [ "CVE-2025-58364" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3etj-2m21-ffa1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349655?format=api", "vulnerability_id": "VCID-63fa-a4pr-wqh3", "summary": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri (e.g., rss:///../job.cache), letting a remote IPP client write RSS XML bytes outside CacheDir/rss (anywhere that is lp-writable). In particular, because CacheDir is group-writable by default (typically root:lp and mode 0770), the notifier (running as lp) can replace root-managed state files via temp-file + rename(). This PoC clobbers CacheDir/job.cache with RSS XML, and after restarting cupsd the scheduler fails to parse the job cache and previously queued jobs disappear. At time of publication, there are no publicly available patches.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34978.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34978.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34978", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18102", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18019", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18317", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22859", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22822", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22765", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.2278", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22733", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22531", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22692", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.2252", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22522", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22838", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23922", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2384", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34978" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34978", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34978" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716", "reference_id": "1132716", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454957", "reference_id": "2454957", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454957" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr", "reference_id": "GHSA-f53q-7mxp-9gcr", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:39:23Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1072932?format=api", "purl": "pkg:deb/debian/cups@2.4.17-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081972?format=api", "purl": "pkg:deb/debian/cups@2.4.18-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1" } ], "aliases": [ "CVE-2026-34978" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-63fa-a4pr-wqh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68012?format=api", "vulnerability_id": "VCID-993k-m3sq-gufu", "summary": "cups: Authentication Bypass in CUPS Authorization Handling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58060.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58060.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58060", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15471", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15401", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16263", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16433", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16325", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16323", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16279", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16147", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16411", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16496", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16551", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16532", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16494", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16436", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16376", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16395", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58060" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58060", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58060" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392595", "reference_id": "2392595", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392595" }, { "reference_url": "https://github.com/OpenPrinting/cups/commit/595d691075b1d396d2edfaa0a8fd0873a0a1f221", "reference_id": "595d691075b1d396d2edfaa0a8fd0873a0a1f221", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-11T17:33:32Z/" } ], "url": "https://github.com/OpenPrinting/cups/commit/595d691075b1d396d2edfaa0a8fd0873a0a1f221" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq", "reference_id": "GHSA-4c68-qgrh-rmmq", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-11T17:33:32Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15700", "reference_id": "RHSA-2025:15700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15701", "reference_id": "RHSA-2025:15701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15702", "reference_id": "RHSA-2025:15702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16590", "reference_id": "RHSA-2025:16590", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16590" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16591", "reference_id": "RHSA-2025:16591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16592", "reference_id": "RHSA-2025:16592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17049", "reference_id": "RHSA-2025:17049", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17049" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17054", "reference_id": "RHSA-2025:17054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17141", "reference_id": "RHSA-2025:17141", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17144", "reference_id": "RHSA-2025:17144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17164", "reference_id": "RHSA-2025:17164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0934", "reference_id": "RHSA-2026:0934", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0934" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" }, { "reference_url": "https://usn.ubuntu.com/7745-1/", "reference_id": "USN-7745-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7745-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584494?format=api", "purl": "pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-jy1y-e1nk-p3b4" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" }, { "vulnerability": "VCID-wr17-e776-bqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.2-3%252Bdeb12u9" } ], "aliases": [ "CVE-2025-58060" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-993k-m3sq-gufu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73815?format=api", "vulnerability_id": "VCID-am36-6m5v-fkba", "summary": "cups: libppd: remote command injection via attacker controlled data in PPD file", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47175.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47175.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47175", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96927", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96878", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96883", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96891", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96893", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96895", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96897", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96898", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96905", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96909", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96919", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96923", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.33659", "scoring_system": "epss", "scoring_elements": "0.96918", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.33659", "scoring_system": "epss", "scoring_elements": "0.96955", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.33659", "scoring_system": "epss", "scoring_elements": "0.96957", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47175" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47175", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47175" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256", "reference_id": "2314256", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256" }, { "reference_url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I", "reference_id": "Attacking-UNIX-systems-via-CUPS-Part-I", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-27T14:43:04Z/" } ], "url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I" }, { "reference_url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6", "reference_id": "GHSA-7xfx-47qg-grp6", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-27T14:43:04Z/" } ], "url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6" }, { "reference_url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47", "reference_id": "GHSA-p9rh-jxmq-gq47", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-27T14:43:04Z/" } ], "url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47" }, { "reference_url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8", "reference_id": "GHSA-rj88-6mr5-rcw8", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-27T14:43:04Z/" } ], "url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8" }, { "reference_url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5", "reference_id": "GHSA-w63j-6g73-wmg5", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-27T14:43:04Z/" } ], "url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7346", "reference_id": "RHSA-2024:7346", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7346" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7461", "reference_id": "RHSA-2024:7461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7462", "reference_id": "RHSA-2024:7462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7463", "reference_id": "RHSA-2024:7463", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7463" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7503", "reference_id": "RHSA-2024:7503", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7503" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7504", "reference_id": "RHSA-2024:7504", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7504" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7506", "reference_id": "RHSA-2024:7506", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7506" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7551", "reference_id": "RHSA-2024:7551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7551" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7553", "reference_id": "RHSA-2024:7553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7623", "reference_id": "RHSA-2024:7623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9470", "reference_id": "RHSA-2024:9470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0083", "reference_id": "RHSA-2025:0083", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0083" }, { "reference_url": "https://usn.ubuntu.com/7041-1/", "reference_id": "USN-7041-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7041-1/" }, { "reference_url": "https://usn.ubuntu.com/7041-2/", "reference_id": "USN-7041-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7041-2/" }, { "reference_url": "https://usn.ubuntu.com/7041-3/", "reference_id": "USN-7041-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7041-3/" }, { "reference_url": "https://usn.ubuntu.com/7045-1/", "reference_id": "USN-7045-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7045-1/" }, { "reference_url": "https://www.cups.org", "reference_id": "www.cups.org", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-27T14:43:04Z/" } ], "url": "https://www.cups.org" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584494?format=api", "purl": "pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-jy1y-e1nk-p3b4" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" }, { "vulnerability": "VCID-wr17-e776-bqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.2-3%252Bdeb12u9" } ], "aliases": [ "CVE-2024-47175" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-am36-6m5v-fkba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350476?format=api", "vulnerability_id": "VCID-b1yf-xuc1-ykak", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39314.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39314.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39314", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02187", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02209", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02186", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02171", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03689", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03739", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03692", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03695", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03717", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03555", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03682", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04174", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04205", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39314" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133184", "reference_id": "1133184", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133184" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456107", "reference_id": "2456107", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1072932?format=api", "purl": "pkg:deb/debian/cups@2.4.17-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081972?format=api", "purl": "pkg:deb/debian/cups@2.4.18-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1" } ], "aliases": [ "CVE-2026-39314" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b1yf-xuc1-ykak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350477?format=api", "vulnerability_id": "VCID-dx89-e1nn-w7gz", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39316.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39316.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39316", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0303", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03159", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03185", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03059", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03038", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03144", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03118", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03075", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02925", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03041", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03043", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05318", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05266", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39316" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133183", "reference_id": "1133183", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456120", "reference_id": "2456120", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456120" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-pjv5-prqp-46rg", "reference_id": "GHSA-pjv5-prqp-46rg", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:41:44Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-pjv5-prqp-46rg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1072932?format=api", "purl": "pkg:deb/debian/cups@2.4.17-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081972?format=api", "purl": "pkg:deb/debian/cups@2.4.18-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1" } ], "aliases": [ "CVE-2026-39316" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dx89-e1nn-w7gz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/354433?format=api", "vulnerability_id": "VCID-gwcb-nhpk-2kca", "summary": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is converted from UTF-16 to UTF-8 and stored as printer supply description strings, which are subsequently visible to authenticated users via IPP Get-Printer-Attributes responses and the CUPS web interface. This vulnerability is fixed in 2.4.17.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41079.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41079.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41079", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01624", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01625", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0302", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02999", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41079" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461611", "reference_id": "2461611", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461611" }, { "reference_url": "https://github.com/OpenPrinting/cups/commit/b7c2525a885f528d243c3a92197ca99609b3f080", "reference_id": "b7c2525a885f528d243c3a92197ca99609b3f080", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:47:25Z/" } ], "url": "https://github.com/OpenPrinting/cups/commit/b7c2525a885f528d243c3a92197ca99609b3f080" }, { "reference_url": "https://github.com/OpenPrinting/cups/commit/d7fe0f521ff3b24676511e747b058362b9a20737", "reference_id": "d7fe0f521ff3b24676511e747b058362b9a20737", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:47:25Z/" } ], "url": "https://github.com/OpenPrinting/cups/commit/d7fe0f521ff3b24676511e747b058362b9a20737" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv", "reference_id": "GHSA-6wpw-g8g6-wvrv", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:47:25Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1072932?format=api", "purl": "pkg:deb/debian/cups@2.4.17-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081972?format=api", "purl": "pkg:deb/debian/cups@2.4.18-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1" } ], "aliases": [ "CVE-2026-41079" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gwcb-nhpk-2kca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349656?format=api", "vulnerability_id": "VCID-hc4t-becn-rkcc", "summary": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly available patches.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34979.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34979.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34979", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11845", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11719", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11635", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15919", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15958", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15851", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15775", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15979", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16232", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16081", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1612", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16195", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16123", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17495", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17403", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34979" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34979", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34979" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716", "reference_id": "1132716", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454946", "reference_id": "2454946", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454946" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-6qxf-7jx6-86fh", "reference_id": "GHSA-6qxf-7jx6-86fh", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:19:03Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-6qxf-7jx6-86fh" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1072932?format=api", "purl": "pkg:deb/debian/cups@2.4.17-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081972?format=api", "purl": "pkg:deb/debian/cups@2.4.18-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1" } ], "aliases": [ "CVE-2026-34979" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hc4t-becn-rkcc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66419?format=api", "vulnerability_id": "VCID-jy1y-e1nk-p3b4", "summary": "CUPS: Local denial-of-service via cupsd.conf update and related issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61915.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61915.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61915", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09474", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09405", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09318", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09817", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09845", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09727", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09698", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09848", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09893", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09867", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09766", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09838", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09891", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09897", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0986", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61915" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61915", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61915" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416039", "reference_id": "2416039", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416039" }, { "reference_url": "https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0", "reference_id": "db8d560262c22a21ee1e55dfd62fa98d9359bcb0", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:52:31Z/" } ], "url": "https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc", "reference_id": "GHSA-hxm8-vfpq-jrfc", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:52:31Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0312", "reference_id": "RHSA-2026:0312", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0312" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0464", "reference_id": "RHSA-2026:0464", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0464" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0596", "reference_id": "RHSA-2026:0596", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0596" }, { "reference_url": "https://usn.ubuntu.com/7897-1/", "reference_id": "USN-7897-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7897-1/" }, { "reference_url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.15", "reference_id": "v2.4.15", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:52:31Z/" } ], "url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584496?format=api", "purl": "pkg:deb/debian/cups@2.4.16-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.16-1" } ], "aliases": [ "CVE-2025-61915" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jy1y-e1nk-p3b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349657?format=api", "vulnerability_id": "VCID-r1q4-2dq2-33ca", "summary": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server accepts a page-border value supplied as textWithoutLanguage, preserves an embedded newline through option escaping and reparse, and then reparses the resulting second-line PPD: text as a trusted scheduler control record. A follow-up raw print job can therefore make the server execute an attacker-chosen existing binary such as /usr/bin/vim as lp. At time of publication, there are no publicly available patches.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34980.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34980.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34980", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04853", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05391", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06354", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06241", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06292", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06318", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08209", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.1141", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11495", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.1162", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12431", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12462", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12469", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12391", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12291", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34980" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34980", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34980" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716", "reference_id": "1132716", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454954", "reference_id": "2454954", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454954" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf", "reference_id": "GHSA-4852-v58g-6cwf", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T13:12:31Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1072932?format=api", "purl": "pkg:deb/debian/cups@2.4.17-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081972?format=api", "purl": "pkg:deb/debian/cups@2.4.18-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1" } ], "aliases": [ "CVE-2026-34980" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r1q4-2dq2-33ca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349658?format=api", "vulnerability_id": "VCID-ry9y-z4e4-yfdh", "summary": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That token is enough to drive /admin/ requests on localhost, and the attacker can combine CUPS-Create-Local-Printer with printer-is-shared=true to persist a file:///... queue even though the normal FileDevice policy rejects such URIs. Printing to that queue gives an arbitrary root file overwrite; the PoC below uses that primitive to drop a sudoers fragment and demonstrate root command execution. At time of publication, there are no publicly available patches.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34990.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34990.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34990", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01328", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01448", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01453", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01705", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01678", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01682", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01672", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02044", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02026", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02012", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02008", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01927", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01986", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02453", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02438", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34990" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716", "reference_id": "1132716", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454947", "reference_id": "2454947", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454947" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp", "reference_id": "GHSA-c54j-2vqw-wpwp", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-06T18:51:42Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1072932?format=api", "purl": "pkg:deb/debian/cups@2.4.17-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081972?format=api", "purl": "pkg:deb/debian/cups@2.4.18-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1" } ], "aliases": [ "CVE-2026-34990" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ry9y-z4e4-yfdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349638?format=api", "vulnerability_id": "VCID-vgtp-sjtt-73e9", "summary": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27447.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27447.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01562", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01848", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01803", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01808", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02657", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02639", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08917", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08839", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08908", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09793", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0966", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09632", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09776", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09815", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09824", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27447" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716", "reference_id": "1132716", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454949", "reference_id": "2454949", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454949" }, { "reference_url": "https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220", "reference_id": "88516bf6d9e34cef7a64a704b856b837f70cd220", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T18:49:46Z/" } ], "url": "https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9", "reference_id": "GHSA-v987-m8hp-phj9", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T18:49:46Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1072932?format=api", "purl": "pkg:deb/debian/cups@2.4.17-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081972?format=api", "purl": "pkg:deb/debian/cups@2.4.18-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1" } ], "aliases": [ "CVE-2026-27447" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vgtp-sjtt-73e9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66418?format=api", "vulnerability_id": "VCID-wr17-e776-bqh1", "summary": "cups: Slow client communication leads to a possible DoS attack", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58436.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58436.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58436", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05361", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05319", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05317", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05582", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08213", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08252", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08144", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0813", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08295", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08274", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08266", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08216", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08281", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08299", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0829", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0827", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58436", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58436" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416040", "reference_id": "2416040", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416040" }, { "reference_url": "https://github.com/OpenPrinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4", "reference_id": "40008d76a001babbb9beb9d9d74b01a86fb6ddb4", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:23:36Z/" } ], "url": "https://github.com/OpenPrinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-8wpw-vfgm-qrrr", "reference_id": "GHSA-8wpw-vfgm-qrrr", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:23:36Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-8wpw-vfgm-qrrr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0312", "reference_id": "RHSA-2026:0312", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0312" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0464", "reference_id": "RHSA-2026:0464", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0464" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0596", "reference_id": "RHSA-2026:0596", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0596" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" }, { "reference_url": "https://usn.ubuntu.com/7912-1/", "reference_id": "USN-7912-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7912-1/" }, { "reference_url": "https://usn.ubuntu.com/7912-2/", "reference_id": "USN-7912-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7912-2/" }, { "reference_url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.15", "reference_id": "v2.4.15", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:23:36Z/" } ], "url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584496?format=api", "purl": "pkg:deb/debian/cups@2.4.16-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.16-1" } ], "aliases": [ "CVE-2025-58436" ], "risk_score": 2.3, "exploitability": "0.5", "weighted_severity": "4.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wr17-e776-bqh1" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80613?format=api", "vulnerability_id": "VCID-2chf-23mc-d3dn", "summary": "cups: access to uninitialized buffer in ipp.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10001.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10001.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10001", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24831", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24911", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24951", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24726", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24793", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24838", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24852", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24813", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24756", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24767", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24759", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24736", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24675", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24663", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24618", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24495", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24573", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10001" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921680", "reference_id": "1921680", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921680" }, { "reference_url": "https://security.archlinux.org/ASA-202102-13", "reference_id": "ASA-202102-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-13" }, { "reference_url": "https://security.archlinux.org/AVG-1529", "reference_id": "AVG-1529", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4393", "reference_id": "RHSA-2021:4393", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4393" }, { "reference_url": "https://usn.ubuntu.com/5454-1/", "reference_id": "USN-5454-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5454-1/" }, { "reference_url": "https://usn.ubuntu.com/5454-2/", "reference_id": "USN-5454-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5454-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584493?format=api", "purl": "pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3etj-2m21-ffa1" }, { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-993k-m3sq-gufu" }, { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-jy1y-e1nk-p3b4" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" }, { "vulnerability": "VCID-wr17-e776-bqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8" } ], "aliases": [ "CVE-2020-10001" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2chf-23mc-d3dn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94280?format=api", "vulnerability_id": "VCID-44ju-8618-vqht", "summary": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8842", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57558", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57528", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57612", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57633", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57609", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57663", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57667", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57682", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57661", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57641", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57671", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57645", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57603", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57623", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57602", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8842" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8842", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8842" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://usn.ubuntu.com/5454-1/", "reference_id": "USN-5454-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5454-1/" }, { "reference_url": "https://usn.ubuntu.com/5454-2/", "reference_id": "USN-5454-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5454-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584493?format=api", "purl": "pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3etj-2m21-ffa1" }, { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-993k-m3sq-gufu" }, { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-jy1y-e1nk-p3b4" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" }, { "vulnerability": "VCID-wr17-e776-bqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8" } ], "aliases": [ "CVE-2019-8842" ], "risk_score": 0.7, "exploitability": "0.5", "weighted_severity": "1.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-44ju-8618-vqht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78840?format=api", "vulnerability_id": "VCID-7wg4-sc9v-bffk", "summary": "cups: Information leak through Cups-Get-Document operation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32360.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32360.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32360", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20097", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20037", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20154", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19884", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19963", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20017", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19992", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19934", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19917", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19921", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22443", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22539", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22537", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22548", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22709", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22526", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32360" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051953", "reference_id": "1051953", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051953" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230495", "reference_id": "2230495", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230495" }, { "reference_url": "https://support.apple.com/en-us/HT213758", "reference_id": "HT213758", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T16:47:20Z/" } ], "url": "https://support.apple.com/en-us/HT213758" }, { "reference_url": "https://support.apple.com/en-us/HT213759", "reference_id": "HT213759", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T16:47:20Z/" } ], "url": "https://support.apple.com/en-us/HT213759" }, { "reference_url": "https://support.apple.com/en-us/HT213760", "reference_id": "HT213760", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T16:47:20Z/" } ], "url": "https://support.apple.com/en-us/HT213760" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html", "reference_id": "msg00041.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T16:47:20Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4765", "reference_id": "RHSA-2023:4765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4765" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4766", "reference_id": "RHSA-2023:4766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4768", "reference_id": "RHSA-2023:4768", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4769", "reference_id": "RHSA-2023:4769", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4769" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4770", "reference_id": "RHSA-2023:4770", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4770" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4771", "reference_id": "RHSA-2023:4771", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4771" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4838", "reference_id": "RHSA-2023:4838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4864", "reference_id": "RHSA-2023:4864", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4864" }, { "reference_url": "https://usn.ubuntu.com/6361-1/", "reference_id": "USN-6361-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6361-1/" }, { "reference_url": "https://usn.ubuntu.com/6361-2/", "reference_id": "USN-6361-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6361-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584493?format=api", "purl": "pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3etj-2m21-ffa1" }, { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-993k-m3sq-gufu" }, { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-jy1y-e1nk-p3b4" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" }, { "vulnerability": "VCID-wr17-e776-bqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8" } ], "aliases": [ "CVE-2023-32360" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7wg4-sc9v-bffk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94174?format=api", "vulnerability_id": "VCID-apyh-1uza-pffa", "summary": "In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-111210196", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-2228", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28106", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28179", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28222", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28017", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28084", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28128", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28134", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28091", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28033", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28043", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28026", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27978", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27895", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27783", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27707", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27536", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27597", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-2228" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2228" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946782", "reference_id": "946782", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946782" }, { "reference_url": "https://usn.ubuntu.com/4340-1/", "reference_id": "USN-4340-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4340-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584493?format=api", "purl": "pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3etj-2m21-ffa1" }, { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-993k-m3sq-gufu" }, { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-jy1y-e1nk-p3b4" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" }, { "vulnerability": "VCID-wr17-e776-bqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8" } ], "aliases": [ "CVE-2019-2228" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-apyh-1uza-pffa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31916?format=api", "vulnerability_id": "VCID-aznw-8yer-xfhf", "summary": "Multiple vulnerabilities have been discovered in CUPS, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34241.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34241.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34241", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09741", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0979", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09768", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09785", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09816", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09807", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09757", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09686", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10737", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1147", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11548", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11622", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11662", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11703", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1158", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17165", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34241" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34241", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34241" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/06/26/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-10T20:49:43Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/06/26/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/06/23/10", "reference_id": "10", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-10T20:49:43Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/06/23/10" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038885", "reference_id": "1038885", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038885" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2214914", "reference_id": "2214914", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2214914" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7I7DWGYGEMBNLZF5UQBMF3SONR37YUBN/", "reference_id": "7I7DWGYGEMBNLZF5UQBMF3SONR37YUBN", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-10T20:49:43Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7I7DWGYGEMBNLZF5UQBMF3SONR37YUBN/" }, { "reference_url": "https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2", "reference_id": "9809947a959e18409dcf562a3466ef246cb90cb2", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-10T20:49:43Z/" } ], "url": "https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25", "reference_id": "GHSA-qjgh-5hcq-5f25", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-10T20:49:43Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25" }, { "reference_url": "https://security.gentoo.org/glsa/202402-17", "reference_id": "GLSA-202402-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-17" }, { "reference_url": "https://support.apple.com/kb/HT213843", "reference_id": "HT213843", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-10T20:49:43Z/" } ], "url": "https://support.apple.com/kb/HT213843" }, { "reference_url": "https://support.apple.com/kb/HT213844", "reference_id": "HT213844", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-10T20:49:43Z/" } ], "url": "https://support.apple.com/kb/HT213844" }, { "reference_url": "https://support.apple.com/kb/HT213845", "reference_id": "HT213845", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-10T20:49:43Z/" } ], "url": "https://support.apple.com/kb/HT213845" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00038.html", "reference_id": "msg00038.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-10T20:49:43Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00038.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6596", "reference_id": "RHSA-2023:6596", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6596" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7165", "reference_id": "RHSA-2023:7165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1101", "reference_id": "RHSA-2024:1101", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1101" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1409", "reference_id": "RHSA-2024:1409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1409" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBIYKDS3UG3W4Z7YOHTR2AWFNBRYPNYY/", "reference_id": "TBIYKDS3UG3W4Z7YOHTR2AWFNBRYPNYY", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-10T20:49:43Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBIYKDS3UG3W4Z7YOHTR2AWFNBRYPNYY/" }, { "reference_url": "https://usn.ubuntu.com/6184-1/", "reference_id": "USN-6184-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6184-1/" }, { "reference_url": "https://usn.ubuntu.com/6184-2/", "reference_id": "USN-6184-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6184-2/" }, { "reference_url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.6", "reference_id": "v2.4.6", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-10T20:49:43Z/" } ], "url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584493?format=api", "purl": "pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3etj-2m21-ffa1" }, { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-993k-m3sq-gufu" }, { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-jy1y-e1nk-p3b4" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" }, { "vulnerability": "VCID-wr17-e776-bqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8" } ], "aliases": [ "CVE-2023-34241" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aznw-8yer-xfhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81400?format=api", "vulnerability_id": "VCID-ev9c-v5dv-37fb", "summary": "cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-3898.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-3898.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-3898", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37102", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37269", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37296", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37125", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37177", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.3719", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37201", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37167", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.3714", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37185", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37111", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36887", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36855", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36767", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36649", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36717", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-3898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3898" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1823964", "reference_id": "1823964", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1823964" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4469", "reference_id": "RHSA-2020:4469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4469" }, { "reference_url": "https://usn.ubuntu.com/4340-1/", "reference_id": "USN-4340-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4340-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584493?format=api", "purl": "pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3etj-2m21-ffa1" }, { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-993k-m3sq-gufu" }, { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-jy1y-e1nk-p3b4" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" }, { "vulnerability": "VCID-wr17-e776-bqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8" } ], "aliases": [ "CVE-2020-3898" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ev9c-v5dv-37fb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75351?format=api", "vulnerability_id": "VCID-k4yw-jg6v-1bcc", "summary": "cups: Cupsd Listen arbitrary chmod 0140777", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35235.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35235.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-35235", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03102", "scoring_system": "epss", "scoring_elements": "0.8689", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.03102", "scoring_system": "epss", "scoring_elements": "0.86756", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03102", "scoring_system": "epss", "scoring_elements": "0.86776", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03102", "scoring_system": "epss", "scoring_elements": "0.86773", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03102", "scoring_system": "epss", "scoring_elements": "0.86793", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03102", "scoring_system": "epss", "scoring_elements": "0.86802", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03102", "scoring_system": "epss", "scoring_elements": "0.86815", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03102", "scoring_system": "epss", "scoring_elements": "0.86811", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03102", "scoring_system": "epss", "scoring_elements": "0.86807", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03102", "scoring_system": "epss", "scoring_elements": "0.86822", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03102", "scoring_system": "epss", "scoring_elements": "0.86826", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03102", "scoring_system": "epss", "scoring_elements": "0.86825", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03102", "scoring_system": "epss", "scoring_elements": "0.86841", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03102", "scoring_system": "epss", "scoring_elements": "0.86848", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03102", "scoring_system": "epss", "scoring_elements": "0.86872", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-35235" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35235" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/06/11/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T17:02:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/06/11/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073002", "reference_id": "1073002", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073002" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290318", "reference_id": "2290318", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290318" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/06/12/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T17:02:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/06/12/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/06/12/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T17:02:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/06/12/5" }, { "reference_url": "https://github.com/OpenPrinting/cups/commit/ff1f8a623e090dee8a8aadf12a6a4b25efac143d", "reference_id": "ff1f8a623e090dee8a8aadf12a6a4b25efac143d", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T17:02:39Z/" } ], "url": "https://github.com/OpenPrinting/cups/commit/ff1f8a623e090dee8a8aadf12a6a4b25efac143d" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-vvwp-mv6j-hw6f", "reference_id": "GHSA-vvwp-mv6j-hw6f", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T17:02:39Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-vvwp-mv6j-hw6f" }, { "reference_url": "https://github.com/OpenPrinting/cups/blob/aba917003c8de55e5bf85010f0ecf1f1ddd1408e/cups/http-addr.c#L229-L240", "reference_id": "http-addr.c#L229-L240", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T17:02:39Z/" } ], "url": "https://github.com/OpenPrinting/cups/blob/aba917003c8de55e5bf85010f0ecf1f1ddd1408e/cups/http-addr.c#L229-L240" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00001.html", "reference_id": "msg00001.html", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T17:02:39Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00001.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4265", "reference_id": "RHSA-2024:4265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4265" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4580", "reference_id": "RHSA-2024:4580", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4580" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4715", "reference_id": "RHSA-2024:4715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4715" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4776", "reference_id": "RHSA-2024:4776", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4776" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5644", "reference_id": "RHSA-2024:5644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5644" }, { "reference_url": "https://git.launchpad.net/ubuntu/+source/apparmor/tree/profiles/apparmor.d/abstractions/user-tmp#n21", "reference_id": "user-tmp#n21", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T17:02:39Z/" } ], "url": "https://git.launchpad.net/ubuntu/+source/apparmor/tree/profiles/apparmor.d/abstractions/user-tmp#n21" }, { "reference_url": "https://usn.ubuntu.com/6844-1/", "reference_id": "USN-6844-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6844-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584493?format=api", "purl": "pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3etj-2m21-ffa1" }, { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-993k-m3sq-gufu" }, { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-jy1y-e1nk-p3b4" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" }, { "vulnerability": "VCID-wr17-e776-bqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8" } ], "aliases": [ "CVE-2024-35235" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k4yw-jg6v-1bcc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31913?format=api", "vulnerability_id": "VCID-p8gy-dd3u-uqh4", "summary": "Multiple vulnerabilities have been discovered in CUPS, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26691.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26691.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26691", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09443", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09492", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10972", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10974", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10942", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10918", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10782", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10796", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10876", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10835", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10773", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10717", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10851", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10841", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10917", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26691" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apple-oss-distributions/cups/commits/cups-499.4/cups/scheduler/cert.c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apple-oss-distributions/cups/commits/cups-499.4/cups/scheduler/cert.c" }, { "reference_url": "https://support.apple.com/en-us/HT213183", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/en-us/HT213183" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011769", "reference_id": "1011769", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011769" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084321", "reference_id": "2084321", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084321" }, { "reference_url": "https://security.gentoo.org/glsa/202402-17", "reference_id": "GLSA-202402-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4990", "reference_id": "RHSA-2022:4990", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4990" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5054", "reference_id": "RHSA-2022:5054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5055", "reference_id": "RHSA-2022:5055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5056", "reference_id": "RHSA-2022:5056", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5056" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5057", "reference_id": "RHSA-2022:5057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5057" }, { "reference_url": "https://usn.ubuntu.com/5454-1/", "reference_id": "USN-5454-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5454-1/" }, { "reference_url": "https://usn.ubuntu.com/5454-2/", "reference_id": "USN-5454-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5454-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038025?format=api", "purl": "pkg:deb/debian/cups@2.2.10-6%2Bdeb10u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2chf-23mc-d3dn" }, { "vulnerability": "VCID-3etj-2m21-ffa1" }, { "vulnerability": "VCID-44ju-8618-vqht" }, { "vulnerability": "VCID-7wg4-sc9v-bffk" }, { "vulnerability": "VCID-993k-m3sq-gufu" }, { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-apyh-1uza-pffa" }, { "vulnerability": "VCID-aznw-8yer-xfhf" }, { "vulnerability": "VCID-ev9c-v5dv-37fb" }, { "vulnerability": "VCID-k4yw-jg6v-1bcc" }, { "vulnerability": "VCID-p8gy-dd3u-uqh4" }, { "vulnerability": "VCID-q8a8-fd7r-1kg7" }, { "vulnerability": "VCID-qxwq-vp9g-ukca" }, { "vulnerability": "VCID-vx54-r2dt-8ue5" }, { "vulnerability": "VCID-wqu4-wys6-hfbb" }, { "vulnerability": "VCID-zxp7-6d69-tfhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.2.10-6%252Bdeb10u6" }, { "url": "http://public2.vulnerablecode.io/api/packages/584493?format=api", "purl": "pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3etj-2m21-ffa1" }, { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-993k-m3sq-gufu" }, { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-jy1y-e1nk-p3b4" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" }, { "vulnerability": "VCID-wr17-e776-bqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8" } ], "aliases": [ "CVE-2022-26691", " MNDT-2022-0026" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p8gy-dd3u-uqh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31915?format=api", "vulnerability_id": "VCID-q8a8-fd7r-1kg7", "summary": "Multiple vulnerabilities have been discovered in CUPS, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32324.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32324.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32324", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46866", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46907", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46883", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.4683", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46885", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46884", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.4688", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.46887", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49235", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49202", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49182", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49279", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49276", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49246", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49244", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49119", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32324" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32324", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32324" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209603", "reference_id": "2209603", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209603" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7", "reference_id": "GHSA-cxc6-w2g7-69p7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-08T21:43:15Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7" }, { "reference_url": "https://security.gentoo.org/glsa/202402-17", "reference_id": "GLSA-202402-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-17" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00001.html", "reference_id": "msg00001.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-08T21:43:15Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00001.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6596", "reference_id": "RHSA-2023:6596", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6596" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7165", "reference_id": "RHSA-2023:7165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1101", "reference_id": "RHSA-2024:1101", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1101" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1409", "reference_id": "RHSA-2024:1409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1409" }, { "reference_url": "https://usn.ubuntu.com/6128-1/", "reference_id": "USN-6128-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6128-1/" }, { "reference_url": "https://usn.ubuntu.com/6128-2/", "reference_id": "USN-6128-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6128-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584493?format=api", "purl": "pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3etj-2m21-ffa1" }, { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-993k-m3sq-gufu" }, { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-jy1y-e1nk-p3b4" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" }, { "vulnerability": "VCID-wr17-e776-bqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8" } ], "aliases": [ "CVE-2023-32324" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q8a8-fd7r-1kg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94170?format=api", "vulnerability_id": "VCID-qxwq-vp9g-ukca", "summary": "In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the printer service with no additional execution privileges needed. User interaction is not needed for exploitation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-2180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0399", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03973", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0383", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03868", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03878", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03892", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03897", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03922", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0389", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03871", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03845", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03824", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03833", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03953", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03967", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03971", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04015", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-2180" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2180", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2180" }, { "reference_url": "https://source.android.com/security/bulletin/2019-09-01", "reference_id": "", "reference_type": "", "scores": [], "url": "https://source.android.com/security/bulletin/2019-09-01" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934957", "reference_id": "934957", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934957" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2180", "reference_id": "CVE-2019-2180", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2180" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584493?format=api", "purl": "pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3etj-2m21-ffa1" }, { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-993k-m3sq-gufu" }, { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-jy1y-e1nk-p3b4" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" }, { "vulnerability": "VCID-wr17-e776-bqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8" } ], "aliases": [ "CVE-2019-2180" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qxwq-vp9g-ukca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31914?format=api", "vulnerability_id": "VCID-vx54-r2dt-8ue5", "summary": "Multiple vulnerabilities have been discovered in CUPS, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4504.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4504.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10426", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10442", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10494", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10354", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10427", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10491", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10522", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10489", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10466", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10334", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10307", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10437", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1042", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10408", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10352", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10297", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4504" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4504" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238509", "reference_id": "2238509", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238509" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE/", "reference_id": "5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WVS4I7JG3LISFPKTM6ADKJXXEPEEWBQ/", "reference_id": "5WVS4I7JG3LISFPKTM6ADKJXXEPEEWBQ", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WVS4I7JG3LISFPKTM6ADKJXXEPEEWBQ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AMYDKIE4PSJDEMC5OWNFCDMHFGLJ57XG/", "reference_id": "AMYDKIE4PSJDEMC5OWNFCDMHFGLJ57XG", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AMYDKIE4PSJDEMC5OWNFCDMHFGLJ57XG/" }, { "reference_url": "https://takeonme.org/cves/CVE-2023-4504.html", "reference_id": "CVE-2023-4504.html", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:05Z/" } ], "url": "https://takeonme.org/cves/CVE-2023-4504.html" }, { "reference_url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-4f65-6ph5-qwh6", "reference_id": "GHSA-4f65-6ph5-qwh6", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:05Z/" } ], "url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-4f65-6ph5-qwh6" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h", "reference_id": "GHSA-pf5r-86w9-678h", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:05Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h" }, { "reference_url": "https://security.gentoo.org/glsa/202402-17", "reference_id": "GLSA-202402-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-17" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html", "reference_id": "msg00041.html", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:05Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXPVADB56NMLJWG4IZ3OZBNJ2ZOLPQJ6/", "reference_id": "PXPVADB56NMLJWG4IZ3OZBNJ2ZOLPQJ6", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXPVADB56NMLJWG4IZ3OZBNJ2ZOLPQJ6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2GSPQAFK2Z6L57TRXEKZDF42K2EVBH7/", "reference_id": "T2GSPQAFK2Z6L57TRXEKZDF42K2EVBH7", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2GSPQAFK2Z6L57TRXEKZDF42K2EVBH7/" }, { "reference_url": "https://usn.ubuntu.com/6391-1/", "reference_id": "USN-6391-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6391-1/" }, { "reference_url": "https://usn.ubuntu.com/6391-2/", "reference_id": "USN-6391-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6391-2/" }, { "reference_url": "https://usn.ubuntu.com/6392-1/", "reference_id": "USN-6392-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6392-1/" }, { "reference_url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.7", "reference_id": "v2.4.7", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-23T13:29:05Z/" } ], "url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584493?format=api", "purl": "pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3etj-2m21-ffa1" }, { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-993k-m3sq-gufu" }, { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-jy1y-e1nk-p3b4" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" }, { "vulnerability": "VCID-wr17-e776-bqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8" } ], "aliases": [ "CVE-2023-4504" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vx54-r2dt-8ue5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82264?format=api", "vulnerability_id": "VCID-wqu4-wys6-hfbb", "summary": "cups: stack-buffer-overflow in libcups's asn1_get_type function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8675.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8675.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80524", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80531", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80553", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80545", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80574", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80584", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80601", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80587", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80579", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80607", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.8061", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80613", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80638", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80641", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80657", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80675", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80697", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8675" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8675" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1738455", "reference_id": "1738455", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1738455" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934957", "reference_id": "934957", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934957" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1765", "reference_id": "RHSA-2020:1765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1765" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3864", "reference_id": "RHSA-2020:3864", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3864" }, { "reference_url": "https://usn.ubuntu.com/4105-1/", "reference_id": "USN-4105-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4105-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584493?format=api", "purl": "pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3etj-2m21-ffa1" }, { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-993k-m3sq-gufu" }, { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-jy1y-e1nk-p3b4" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" }, { "vulnerability": "VCID-wr17-e776-bqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8" } ], "aliases": [ "CVE-2019-8675" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wqu4-wys6-hfbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82265?format=api", "vulnerability_id": "VCID-zxp7-6d69-tfhm", "summary": "cups: stack-buffer-overflow in libcups's asn1_get_packed function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8696.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8696.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8696", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80524", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80531", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80553", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80545", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80574", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80584", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80601", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80587", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80579", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80607", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.8061", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80613", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80638", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80641", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80657", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80675", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01419", "scoring_system": "epss", "scoring_elements": "0.80697", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-8696" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8696", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8696" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1738497", "reference_id": "1738497", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1738497" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934957", "reference_id": "934957", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934957" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1765", "reference_id": "RHSA-2020:1765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1765" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3864", "reference_id": "RHSA-2020:3864", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3864" }, { "reference_url": "https://usn.ubuntu.com/4105-1/", "reference_id": "USN-4105-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4105-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584493?format=api", "purl": "pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3etj-2m21-ffa1" }, { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-993k-m3sq-gufu" }, { "vulnerability": "VCID-am36-6m5v-fkba" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-jy1y-e1nk-p3b4" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" }, { "vulnerability": "VCID-wr17-e776-bqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8" } ], "aliases": [ "CVE-2019-8696" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxp7-6d69-tfhm" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8" }