Lucene search
K

31 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2014-3537

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/...

1.2CVSS7.2AI score0.00379EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:28 a.m.4 views

SUSE CVE-2014-3537

The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/...

1.2CVSS6.5AI score0.00379EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.26 views

Mageia: Security Advisory (MGASA-2014-0313)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS8AI score0.02911EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.18 views

SUSE: Security Advisory (SUSE-SU-2014:1023-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2CVSS8.8AI score0.02911EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.19 views

SUSE: Security Advisory (SUSE-SU-2014:1022-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS8.1AI score0.02911EPSS
Exploits0References2
Veracode
Veracode
added 2019/05/02 5:12 a.m.24 views

Information Disclosure

cups is vulnerable to information disclosure. The vulnerability exists as the web interface allows local users in the Ip group to read arbitrary files through symlinks. This vulnerability exists through an incomplete fix for CVE-2014-3537...

1.5CVSS5.5AI score0.00379EPSS
Exploits0References15Affected Software1
OpenVAS
OpenVAS
added 2015/10/06 12:0 a.m.26 views

Oracle: Security Advisory (ELSA-2014-1388)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS8.6AI score0.02911EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.35 views

Amazon Linux: Security Advisory (ALAS-2014-438)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS8.6AI score0.02911EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/11/26 12:0 a.m.28 views

OracleVM 3.3 : cups (OVMSA-2014-0035)

The remote OracleVM system is missing necessary patches to address critical security updates : - Revert change to whitelist /rss/ resources, as this was not used upstream. - More STR 4461 fixes from upstream: make rss feeds world-readable, but cachedir private. - Fix icon display in web interface...

7.2CVSS7.1AI score0.02911EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2014/11/04 12:0 a.m.27 views

Scientific Linux Security Update : cups on SL6.x i386/x86_64 (20141014)

A cross-site scripting XSS flaw was found in the CUPS web interface. An attacker could use this flaw to perform a cross-site scripting attack against users of the CUPS web interface. CVE-2014-2856 It was discovered that CUPS allowed certain users to create symbolic links in certain directories...

5CVSS6.9AI score0.02911EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2014/11/03 12:0 a.m.36 views

Amazon Linux AMI : cups (ALAS-2014-438)

A cross-site scripting XSS flaw was found in the CUPS web interface. An attacker could use this flaw to perform a cross-site scripting attack against users of the CUPS web interface. CVE-2014-2856 It was discovered that CUPS allowed certain users to create symbolic links in certain directories...

5CVSS7AI score0.02911EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2014/10/17 12:0 a.m.26 views

Oracle Linux 6 : cups (ELSA-2014-1388)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1388 advisory. - Applied upstream patch to fix CVE-2014-5029 bug 1122600, CVE-2014-5030 bug 1128764, CVE-2014-5031 bug 1128767. - fix patch for CVE-2014-3537 bug...

5CVSS7.2AI score0.02911EPSS
Exploits0References6
Oracle linux
Oracle linux
added 2014/10/15 12:0 a.m.35 views

cups security and bug fix update

1:1.4.2-67 - Revert change to whitelist /rss/ resources, as this was not used upstream. 1:1.4.2-66 - More STR 4461 fixes from upstream: make rss feeds world-readable, but cachedir private. - Fix icon display in web interface during server restart STR 4475. 1:1.4.2-65 - Fixes for upstream patch fo...

5CVSS8.8AI score0.02911EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/10/14 12:0 a.m.31 views

RHEL 6 : cups (RHSA-2014:1388)

Updated cups packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings,...

5CVSS7AI score0.02911EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2014/10/13 9:21 p.m.7 views

cups: Incomplete fix for CVE-2014-3537

It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system...

1.5CVSS7.2AI score0.00379EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2014/10/04 12:0 a.m.32 views

Fedora Update for cups FEDORA-2014-9703

Check the version of cups SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868356";...

5CVSS7.5AI score0.02911EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2014/08/05 12:0 a.m.21 views

Fedora Update for cups FEDORA-2014-8752

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS7.6AI score0.02911EPSS
Exploits0References2
Debian
Debian
added 2014/07/31 7:47 a.m.41 views

[DLA-0022-1] cups security update

Debian Security Advisory DLA-0022-1 https://wiki.debian.org/LTS - --------------------------------------------------------------------- Package : cups Version : 1.4.4-7+squeeze6 CVE ID : CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 It was discovered that the web interface in CUPS, the...

5CVSS7.3AI score0.02911EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/07/31 12:0 a.m.23 views

Fedora 20 : cups-1.7.4-3.fc20 (2014-8752)

This update fixes one security flaw as well as broken CGI script handling. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducin...

5CVSS7.4AI score0.02911EPSS
Exploits0References6
OSV
OSV
added 2014/07/29 4:37 p.m.6 views

SUSE-SU-2015:0575-1 Security update for CUPS

This update fixes various issues in CUPS. CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031: Various insufficient symbolic link checking could have lead to privilege escalation from the lp user to root. Security Issues: CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031...

7.2CVSS6.4AI score0.04633EPSS
Exploits2References12
Rows per page
Query Builder