Advisory ROSA-SA-2026-3142
Software: cups 2.2.6; OS: ROSA Virtualization 3.1; unaffected versions = cups-2.2.6-66.rv31; affected versions cups-2.2.6-66.rv31; CVE-ID: CVE-2025-58364; BDU-ID: 2025-12439; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in the CUPS print server libcups library is related to null pointer dereferencing du...
EUVD-2014-3532
Malware in sbrugna...
EUVD-2018-16086
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-4300
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web...
Linux Distros Unpatched Vulnerability : CVE-2014-5031
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtain sensitive information v...
Linux Distros Unpatched Vulnerability : CVE-2014-3537
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/...
Linux Distros Unpatched Vulnerability : CVE-2009-0164
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS...
SUSE CVE-2014-3537
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/...
NewStart CGSL CORE 5.05 / MAIN 5.05 : cups Multiple Vulnerabilities (NS-SA-2020-0102)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has cups packages installed that are affected by multiple vulnerabilities: - In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. CVE-2018-4180, CVE-2018-418...
Information Disclosure
cups is vulnerable to information disclosure. The vulnerability exists because an uninitialized memory read issue was found in the CUPS web interface. If an attacker had access to the CUPS web interface, they could use a specially-crafted URL to leverage this flaw to read a limited amount of memory fr...
Debian: Security Advisory (DLA-1936-1)
The remote host is missing an update for the Debian...
EulerOS Virtualization 3.0.1.0 : cups (EulerOS-SA-2019-1605)
According to the version of the cups package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web...
EulerOS Virtualization for ARM 64 3.0.2.0 : cups (EulerOS-SA-2019-1622)
According to the version of the cups package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to...
Design/Logic Flaw
The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10...
UBUNTU-CVE-2018-4300
The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10...
CVE-2018-4300
The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10...
Authentication Bypass
libcups.so is vulnerable to authentication bypass. The CUPS web interface uses an insecure function and seed to generate the session cookie, which results in a predictable token that can be guessed easily by a remote attacker to gain access to the application...
USN-2341-1 cups vulnerabilities
Salvatore Bonaccorso discovered that the CUPS web interface incorrectly validated permissions and incorrectly handled symlinks. An attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation...
DEBIAN-CVE-2014-5029
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language0 set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537...
CVE-2014-5031
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtain sensitive information via unspecified vectors...