PT-2020-6939 · Unknown +4 · Sane-Backends +4

Name of the Vulnerable Software and Affected Versions: SANE Backends versions prior to 1.0.30 Description: The issue is related to a NULL pointer dereference error in the SANE Backends implementation. This can be exploited by a malicious device connected to the same local network as the victim,...

PT-2020-6486 · Unknown +6 · Sane-Backends +6

Name of the Vulnerable Software and Affected Versions: SANE Backends versions prior to 1.0.30 Description: A heap buffer overflow in the SANE Backends allows a malicious device connected to the same local network as the victim to execute arbitrary code. The vulnerability is related to the epsonds...

cups: Local privilege escalation to root due to insecure environment variable handling

It was discovered that CUPS allows non-root users to pass environment variables to CUPS backends. Affected backends use attacker-controlled environment variables without proper sanitization. A local attacker, who is part of one of the groups specified in the SystemGroups directive, could use the...

CVE-2019-7319

An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges...

CVE-2019-7319

An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges...

Linux: No grant table and foreign mapping limits

ISSUE DESCRIPTION Virtual device backends and device models running in domain 0, or other backend driver domains, need to be able to map guest memory either via grant mappings, or via the foreign mapping interface. Inside Xen, mapped grants are tracked by the maptrack structure. The size of this...

Fedora Update for rubygem-activejob FEDORA-2019-1cfe24db5c

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for rubygem-activejob FEDORA-2019-d0af506401

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Denial Of Service (DoS) Session Store Consumption

Django is vulnerable to denial of service through session store consumption. This vulnerable is caused by sessions backends creating new empty records in the session storage when request.session is accessed when a session key provided didn't match a current session record. This allows malicious...

DEBIAN-CVE-2018-1002105

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary reques...

Sandbox Bypass

libcups.so is vulnerable to sandbox bypasses. The library does not properly handle error conditions, allowing a malicious user with sandbox root access to execute backends without a sandbox profile...

CVE-2018-4180

It was discovered that CUPS allows non-root users to pass environment variables to CUPS backends. Affected backends use attacker-controlled environment variables without proper sanitization. A local attacker, who is part of one of the groups specified in the SystemGroups directive, could use the...

[SECURITY] Fedora 26 Update: cups-filters-1.13.4-5.fc26

Contains backends, filters, and other software that was once part of the core CUPS distribution but is no longer maintained by Apple Inc. In addition it contains additional filters developed independently of Apple, especially filters for the PDF-centric printing workflow introduced by OpenPrintin...

Debian: Security Advisory (DLA-940-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the sane-backends package, related to insufficient protection of operational data, allows a perpetrator to breach data confidentiality.

The vulnerability of the sane-backends package is related to insufficient protection of operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise data confidentiality using the specially crafted SANENETCONTROLOPTION package...

[SECURITY] Fedora 26 Update: evince-3.24.2-2.fc26

Evince is simple multi-page document viewer. It can display and print Portable Document Format PDF, PostScript PS and Encapsulated PostScript EPS files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...

Integer overflow

An issue was discovered in Teluu pjproject pjlib and pjlib-util in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow,...

[SECURITY] Fedora 24 Update: evince-3.20.1-3.fc24

Evince is simple multi-page document viewer. It can display and print Portable Document Format PDF, PostScript PS and Encapsulated PostScript EPS files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...

Fedora 26 : sane-backends (2017-1be1218e7f)

CVE-2017-6318 sane-backends: SANENETCONTROLOPTION response packet may contain memory contents of the server fedora-all Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...

[SECURITY] Fedora 25 Update: evince-3.22.1-5.fc25

Evince is simple multi-page document viewer. It can display and print Portable Document Format PDF, PostScript PS and Encapsulated PostScript EPS files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...