Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/584494?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/584494?format=api", "purl": "pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9", "type": "deb", "namespace": "debian", "name": "cups", "version": "2.4.2-3+deb12u9", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.18-1", "latest_non_vulnerable_version": "2.4.18-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349655?format=api", "vulnerability_id": "VCID-63fa-a4pr-wqh3", "summary": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri (e.g., rss:///../job.cache), letting a remote IPP client write RSS XML bytes outside CacheDir/rss (anywhere that is lp-writable). In particular, because CacheDir is group-writable by default (typically root:lp and mode 0770), the notifier (running as lp) can replace root-managed state files via temp-file + rename(). This PoC clobbers CacheDir/job.cache with RSS XML, and after restarting cupsd the scheduler fails to parse the job cache and previously queued jobs disappear. At time of publication, there are no publicly available patches.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34978.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34978.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34978", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18102", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18019", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18317", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22859", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22822", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22765", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.2278", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22733", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22531", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22692", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.2252", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22522", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22838", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24042", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23991", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23935", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23953", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2384", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23922", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34978" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34978", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34978" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716", "reference_id": "1132716", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454957", "reference_id": "2454957", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454957" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr", "reference_id": "GHSA-f53q-7mxp-9gcr", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:39:23Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1072932?format=api", "purl": "pkg:deb/debian/cups@2.4.17-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081972?format=api", "purl": "pkg:deb/debian/cups@2.4.18-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1" } ], "aliases": [ "CVE-2026-34978" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-63fa-a4pr-wqh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350476?format=api", "vulnerability_id": "VCID-b1yf-xuc1-ykak", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39314.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39314.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39314", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02187", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02209", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02186", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02171", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03689", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03739", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03692", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03695", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03717", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03555", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03682", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04582", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04205", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04174", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04573", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04574", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04575", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39314" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39314", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39314" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133184", "reference_id": "1133184", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133184" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456107", "reference_id": "2456107", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1072932?format=api", "purl": "pkg:deb/debian/cups@2.4.17-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081972?format=api", "purl": "pkg:deb/debian/cups@2.4.18-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1" } ], "aliases": [ "CVE-2026-39314" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b1yf-xuc1-ykak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350477?format=api", "vulnerability_id": "VCID-dx89-e1nn-w7gz", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39316.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39316.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39316", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03159", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03185", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03059", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03038", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03144", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03118", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03075", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0303", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02925", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03041", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03043", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03836", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03796", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03801", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05266", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05318", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-39316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39316" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133183", "reference_id": "1133183", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456120", "reference_id": "2456120", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456120" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-pjv5-prqp-46rg", "reference_id": "GHSA-pjv5-prqp-46rg", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:41:44Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-pjv5-prqp-46rg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1072932?format=api", "purl": "pkg:deb/debian/cups@2.4.17-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081972?format=api", "purl": "pkg:deb/debian/cups@2.4.18-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1" } ], "aliases": [ "CVE-2026-39316" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dx89-e1nn-w7gz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/354433?format=api", "vulnerability_id": "VCID-gwcb-nhpk-2kca", "summary": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is converted from UTF-16 to UTF-8 and stored as printer supply description strings, which are subsequently visible to authenticated users via IPP Get-Printer-Attributes responses and the CUPS web interface. This vulnerability is fixed in 2.4.17.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41079.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41079.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41079", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01624", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01625", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03104", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02999", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0302", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03056", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03067", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03072", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41079" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461611", "reference_id": "2461611", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461611" }, { "reference_url": "https://github.com/OpenPrinting/cups/commit/b7c2525a885f528d243c3a92197ca99609b3f080", "reference_id": "b7c2525a885f528d243c3a92197ca99609b3f080", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:47:25Z/" } ], "url": "https://github.com/OpenPrinting/cups/commit/b7c2525a885f528d243c3a92197ca99609b3f080" }, { "reference_url": "https://github.com/OpenPrinting/cups/commit/d7fe0f521ff3b24676511e747b058362b9a20737", "reference_id": "d7fe0f521ff3b24676511e747b058362b9a20737", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:47:25Z/" } ], "url": "https://github.com/OpenPrinting/cups/commit/d7fe0f521ff3b24676511e747b058362b9a20737" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv", "reference_id": "GHSA-6wpw-g8g6-wvrv", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:47:25Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1072932?format=api", "purl": "pkg:deb/debian/cups@2.4.17-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081972?format=api", "purl": "pkg:deb/debian/cups@2.4.18-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1" } ], "aliases": [ "CVE-2026-41079" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gwcb-nhpk-2kca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349656?format=api", "vulnerability_id": "VCID-hc4t-becn-rkcc", "summary": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly available patches.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34979.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34979.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34979", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11845", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11719", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11635", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15919", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15958", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15851", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15775", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15979", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16232", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16081", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1612", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16195", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16123", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17672", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17495", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17592", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17555", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17403", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34979" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34979", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34979" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716", "reference_id": "1132716", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454946", "reference_id": "2454946", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454946" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-6qxf-7jx6-86fh", "reference_id": "GHSA-6qxf-7jx6-86fh", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:19:03Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-6qxf-7jx6-86fh" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1072932?format=api", "purl": "pkg:deb/debian/cups@2.4.17-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081972?format=api", "purl": "pkg:deb/debian/cups@2.4.18-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1" } ], "aliases": [ "CVE-2026-34979" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hc4t-becn-rkcc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66419?format=api", "vulnerability_id": "VCID-jy1y-e1nk-p3b4", "summary": "CUPS: Local denial-of-service via cupsd.conf update and related issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61915.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61915.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61915", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09405", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09474", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09318", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09897", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09817", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09867", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09766", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09838", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09891", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0986", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09845", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09727", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09698", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09848", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09893", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14829", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.1482", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14864", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14947", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61915" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61915", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61915" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416039", "reference_id": "2416039", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416039" }, { "reference_url": "https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0", "reference_id": "db8d560262c22a21ee1e55dfd62fa98d9359bcb0", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:52:31Z/" } ], "url": "https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc", "reference_id": "GHSA-hxm8-vfpq-jrfc", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:52:31Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0312", "reference_id": "RHSA-2026:0312", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0312" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0464", "reference_id": "RHSA-2026:0464", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0464" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0596", "reference_id": "RHSA-2026:0596", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0596" }, { "reference_url": "https://usn.ubuntu.com/7897-1/", "reference_id": "USN-7897-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7897-1/" }, { "reference_url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.15", "reference_id": "v2.4.15", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:52:31Z/" } ], "url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584496?format=api", "purl": "pkg:deb/debian/cups@2.4.16-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.16-1" } ], "aliases": [ "CVE-2025-61915" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jy1y-e1nk-p3b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349657?format=api", "vulnerability_id": "VCID-r1q4-2dq2-33ca", "summary": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server accepts a page-border value supplied as textWithoutLanguage, preserves an embedded newline through option escaping and reparse, and then reparses the resulting second-line PPD: text as a trusted scheduler control record. A follow-up raw print job can therefore make the server execute an attacker-chosen existing binary such as /usr/bin/vim as lp. At time of publication, there are no publicly available patches.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34980.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34980.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34980", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04853", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05391", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06427", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06451", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06467", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06438", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06241", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06354", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06292", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06318", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08209", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.1162", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11495", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.1141", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12291", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12462", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12469", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12431", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12391", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34980" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34980", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34980" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716", "reference_id": "1132716", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454954", "reference_id": "2454954", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454954" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf", "reference_id": "GHSA-4852-v58g-6cwf", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T13:12:31Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1072932?format=api", "purl": "pkg:deb/debian/cups@2.4.17-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081972?format=api", "purl": "pkg:deb/debian/cups@2.4.18-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1" } ], "aliases": [ "CVE-2026-34980" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r1q4-2dq2-33ca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349658?format=api", "vulnerability_id": "VCID-ry9y-z4e4-yfdh", "summary": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That token is enough to drive /admin/ requests on localhost, and the attacker can combine CUPS-Create-Local-Printer with printer-is-shared=true to persist a file:///... queue even though the normal FileDevice policy rejects such URIs. Printing to that queue gives an arbitrary root file overwrite; the PoC below uses that primitive to drop a sudoers fragment and demonstrate root command execution. At time of publication, there are no publicly available patches.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34990.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34990.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34990", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01328", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01448", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01453", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01705", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01678", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01682", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01672", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02044", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02026", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02012", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02008", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01927", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01986", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02516", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02453", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02492", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02489", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02493", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02438", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34990" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716", "reference_id": "1132716", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454947", "reference_id": "2454947", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454947" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp", "reference_id": "GHSA-c54j-2vqw-wpwp", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-06T18:51:42Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1072932?format=api", "purl": "pkg:deb/debian/cups@2.4.17-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081972?format=api", "purl": "pkg:deb/debian/cups@2.4.18-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1" } ], "aliases": [ "CVE-2026-34990" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ry9y-z4e4-yfdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349638?format=api", "vulnerability_id": "VCID-vgtp-sjtt-73e9", "summary": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27447.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27447.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01562", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01848", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01803", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01808", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02723", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02639", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02657", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02695", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02696", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02697", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08917", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08908", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08839", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09632", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09793", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09776", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0966", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09815", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09824", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27447" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716", "reference_id": "1132716", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454949", "reference_id": "2454949", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454949" }, { "reference_url": "https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220", "reference_id": "88516bf6d9e34cef7a64a704b856b837f70cd220", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T18:49:46Z/" } ], "url": "https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9", "reference_id": "GHSA-v987-m8hp-phj9", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T18:49:46Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1072932?format=api", "purl": "pkg:deb/debian/cups@2.4.17-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081972?format=api", "purl": "pkg:deb/debian/cups@2.4.18-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1" } ], "aliases": [ "CVE-2026-27447" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vgtp-sjtt-73e9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66418?format=api", "vulnerability_id": "VCID-wr17-e776-bqh1", "summary": "cups: Slow client communication leads to a possible DoS attack", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58436.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58436.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58436", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05319", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05361", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05317", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05582", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08291", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08213", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08144", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0813", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08295", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08274", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08227", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0821", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08236", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08266", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08216", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08281", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08299", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0829", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0827", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08252", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58436", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58436" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416040", "reference_id": "2416040", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416040" }, { "reference_url": "https://github.com/OpenPrinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4", "reference_id": "40008d76a001babbb9beb9d9d74b01a86fb6ddb4", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:23:36Z/" } ], "url": "https://github.com/OpenPrinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-8wpw-vfgm-qrrr", "reference_id": "GHSA-8wpw-vfgm-qrrr", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:23:36Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-8wpw-vfgm-qrrr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0312", "reference_id": "RHSA-2026:0312", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0312" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0464", "reference_id": "RHSA-2026:0464", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0464" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0596", "reference_id": "RHSA-2026:0596", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0596" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" }, { "reference_url": "https://usn.ubuntu.com/7912-1/", "reference_id": "USN-7912-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7912-1/" }, { "reference_url": "https://usn.ubuntu.com/7912-2/", "reference_id": "USN-7912-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7912-2/" }, { "reference_url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.15", "reference_id": "v2.4.15", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:23:36Z/" } ], "url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584496?format=api", "purl": "pkg:deb/debian/cups@2.4.16-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.16-1" } ], "aliases": [ "CVE-2025-58436" ], "risk_score": 2.3, "exploitability": "0.5", "weighted_severity": "4.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wr17-e776-bqh1" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68013?format=api", "vulnerability_id": "VCID-3etj-2m21-ffa1", "summary": "cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58364.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58364.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58364", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.2918", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.30003", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29955", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31552", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32402", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32388", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32436", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32463", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32467", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32429", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32439", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32683", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32781", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32668", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32735", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32774", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32708", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32786", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32875", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32857", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58364" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58364", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58364" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393078", "reference_id": "2393078", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393078" }, { "reference_url": "https://github.com/OpenPrinting/cups/commit/e58cba9d6fceed4242980e51dbd1302cf638ab1d", "reference_id": "e58cba9d6fceed4242980e51dbd1302cf638ab1d", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T17:37:26Z/" } ], "url": "https://github.com/OpenPrinting/cups/commit/e58cba9d6fceed4242980e51dbd1302cf638ab1d" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4", "reference_id": "GHSA-7qx3-r744-6qv4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T17:37:26Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15700", "reference_id": "RHSA-2025:15700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15701", "reference_id": "RHSA-2025:15701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16590", "reference_id": "RHSA-2025:16590", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16590" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16591", "reference_id": "RHSA-2025:16591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16592", "reference_id": "RHSA-2025:16592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22063", "reference_id": "RHSA-2025:22063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" }, { "reference_url": "https://usn.ubuntu.com/7745-1/", "reference_id": "USN-7745-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7745-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584494?format=api", "purl": "pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-jy1y-e1nk-p3b4" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" }, { "vulnerability": "VCID-wr17-e776-bqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.2-3%252Bdeb12u9" } ], "aliases": [ "CVE-2025-58364" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3etj-2m21-ffa1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68012?format=api", "vulnerability_id": "VCID-993k-m3sq-gufu", "summary": "cups: Authentication Bypass in CUPS Authorization Handling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58060.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58060.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58060", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15471", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15401", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16442", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16147", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16263", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.1637", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16335", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16368", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16411", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16496", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16551", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16532", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16494", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16436", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16376", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16395", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16433", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16325", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16323", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16279", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58060" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58060", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58060" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392595", "reference_id": "2392595", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392595" }, { "reference_url": "https://github.com/OpenPrinting/cups/commit/595d691075b1d396d2edfaa0a8fd0873a0a1f221", "reference_id": "595d691075b1d396d2edfaa0a8fd0873a0a1f221", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-11T17:33:32Z/" } ], "url": "https://github.com/OpenPrinting/cups/commit/595d691075b1d396d2edfaa0a8fd0873a0a1f221" }, { "reference_url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq", "reference_id": "GHSA-4c68-qgrh-rmmq", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-11T17:33:32Z/" } ], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15700", "reference_id": "RHSA-2025:15700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15701", "reference_id": "RHSA-2025:15701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15702", "reference_id": "RHSA-2025:15702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16590", "reference_id": "RHSA-2025:16590", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16590" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16591", "reference_id": "RHSA-2025:16591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16592", "reference_id": "RHSA-2025:16592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17049", "reference_id": "RHSA-2025:17049", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17049" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17054", "reference_id": "RHSA-2025:17054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17141", "reference_id": "RHSA-2025:17141", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17144", "reference_id": "RHSA-2025:17144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17164", "reference_id": "RHSA-2025:17164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0934", "reference_id": "RHSA-2026:0934", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0934" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8814", "reference_id": "RHSA-2026:8814", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8814" }, { "reference_url": "https://usn.ubuntu.com/7745-1/", "reference_id": "USN-7745-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7745-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584494?format=api", "purl": "pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-jy1y-e1nk-p3b4" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" }, { "vulnerability": "VCID-wr17-e776-bqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.2-3%252Bdeb12u9" } ], "aliases": [ "CVE-2025-58060" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-993k-m3sq-gufu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73815?format=api", "vulnerability_id": "VCID-am36-6m5v-fkba", "summary": "cups: libppd: remote command injection via attacker controlled data in PPD file", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47175.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47175.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47175", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96952", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96878", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96883", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96891", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96893", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96895", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96897", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96898", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96905", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96909", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96919", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96923", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96927", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96934", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96935", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.33103", "scoring_system": "epss", "scoring_elements": "0.96941", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.33659", "scoring_system": "epss", "scoring_elements": "0.96957", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.33659", "scoring_system": "epss", "scoring_elements": "0.96955", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.33659", "scoring_system": "epss", "scoring_elements": "0.96918", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47175" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47175", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47175" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256", "reference_id": "2314256", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256" }, { "reference_url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I", "reference_id": "Attacking-UNIX-systems-via-CUPS-Part-I", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-27T14:43:04Z/" } ], "url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I" }, { "reference_url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6", "reference_id": "GHSA-7xfx-47qg-grp6", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-27T14:43:04Z/" } ], "url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6" }, { "reference_url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47", "reference_id": "GHSA-p9rh-jxmq-gq47", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-27T14:43:04Z/" } ], "url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47" }, { "reference_url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8", "reference_id": "GHSA-rj88-6mr5-rcw8", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-27T14:43:04Z/" } ], "url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8" }, { "reference_url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5", "reference_id": "GHSA-w63j-6g73-wmg5", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-27T14:43:04Z/" } ], "url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7346", "reference_id": "RHSA-2024:7346", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7346" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7461", "reference_id": "RHSA-2024:7461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7462", "reference_id": "RHSA-2024:7462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7463", "reference_id": "RHSA-2024:7463", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7463" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7503", "reference_id": "RHSA-2024:7503", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7503" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7504", "reference_id": "RHSA-2024:7504", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7504" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7506", "reference_id": "RHSA-2024:7506", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7506" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7551", "reference_id": "RHSA-2024:7551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7551" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7553", "reference_id": "RHSA-2024:7553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7623", "reference_id": "RHSA-2024:7623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9470", "reference_id": "RHSA-2024:9470", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9470" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0083", "reference_id": "RHSA-2025:0083", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0083" }, { "reference_url": "https://usn.ubuntu.com/7041-1/", "reference_id": "USN-7041-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7041-1/" }, { "reference_url": "https://usn.ubuntu.com/7041-2/", "reference_id": "USN-7041-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7041-2/" }, { "reference_url": "https://usn.ubuntu.com/7041-3/", "reference_id": "USN-7041-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7041-3/" }, { "reference_url": "https://usn.ubuntu.com/7045-1/", "reference_id": "USN-7045-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7045-1/" }, { "reference_url": "https://www.cups.org", "reference_id": "www.cups.org", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-27T14:43:04Z/" } ], "url": "https://www.cups.org" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584494?format=api", "purl": "pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-63fa-a4pr-wqh3" }, { "vulnerability": "VCID-b1yf-xuc1-ykak" }, { "vulnerability": "VCID-dx89-e1nn-w7gz" }, { "vulnerability": "VCID-gwcb-nhpk-2kca" }, { "vulnerability": "VCID-hc4t-becn-rkcc" }, { "vulnerability": "VCID-jy1y-e1nk-p3b4" }, { "vulnerability": "VCID-r1q4-2dq2-33ca" }, { "vulnerability": "VCID-ry9y-z4e4-yfdh" }, { "vulnerability": "VCID-vgtp-sjtt-73e9" }, { "vulnerability": "VCID-wr17-e776-bqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.2-3%252Bdeb12u9" } ], "aliases": [ "CVE-2024-47175" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-am36-6m5v-fkba" } ], "risk_score": "3.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.2-3%252Bdeb12u9" }