19 matches found
MiracleLinux 7 : cups-1.6.3-51.el7 (AXSA:2020-557:05)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-557:05 advisory. cups: DNS rebinding attacks via incorrect whitelist CVE-2017-18190 cups: stack-buffer-overflow in libcups's asn1gettype function CVE-2019-8675 cups:...
SUSE: Security Advisory (SUSE-SU-2018:0604-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Scientific Linux Security Update : cups on SL7.x x86_64 (20201001)
Security Fixes : - cups: DNS rebinding attacks via incorrect whitelist CVE-2017-18190 - cups: stack-buffer-overflow in libcups's asn1gettype function CVE-2019-8675 - cups: stack-buffer-overflow in libcups's asn1getpacked function CVE-2019-8696 C Tenable Network Security, Inc. The descriptive text...
cups security update
CentOS Errata and Security Advisory CESA-2020:3864 An update for cups is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Oracle Linux 7 : cups (ELSA-2020-3864)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3864 advisory. - 1823758 - CVE-2017-18190 cups: DNS rebinding attacks via incorrect whitelist rhel-7 - 1774460 - CVE-2019-8696 cups: stack-buffer-overflow in libcupss...
Huawei EulerOS: Security Advisory for cups (EulerOS-SA-2018-1080)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for cups (EulerOS-SA-2018-1079)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-1412-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1412-1] cups security update
Package : cups Version : 1.7.5-11+deb8u3 CVE ID : CVE-2017-18190 CVE-2017-18248 Two vulnerabilities affecting the cups printing server were found which can lead to arbitrary IPP command execution and denial of service. CVE-2017-18190 A localhost.localdomain whitelist entry in validhost in...
EulerOS 2.0 SP2 : cups (EulerOS-SA-2018-1080)
According to the versions of the cups packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - CUPS printing system provides a portable printing layer for UNIXAr operating systems. It has been developed by Apple Inc.to promote a standard...
openSUSE: Security Advisory for cups (openSUSE-SU-2018:0618-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2018:0604-1 Security update for cups
This update for cups fixes the following issues: - CVE-2017-18190: Removed localhost.localdomain from list of trustworthy hosts in scheduler/client.c to avoid arbitrary IPP command execution in conjunction with DNS rebinding. bsc1081557...
Updated cups packages fix security vulnerability
Updated cups packages fix security vulnerability: Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could...
[SECURITY] [DLA 1288-1] cups security update
Package : cups Version : 1.5.3-5+deb7u7 CVE ID : CVE-2017-18190 It was discovered that there was an issue in the CUPS printer framework where remote attackers could execute arbitrary commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. This was caused by a...
USN-3577-1: CUPS vulnerability
Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could potentially exploit this to obtain sensitive information...
Ubuntu: Security Advisory (USN-3577-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS / 16.04 LTS : CUPS vulnerability (USN-3577-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3577-1 advisory. Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to localhost.localdomain from the loopback interface. If a user were...
CVE-2017-18190
A localhost.localdomain whitelist entry in validhost in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS serve...
CVE-2017-18190
CVE-2017-18190 affects the CUPS printing system. Connected sources confirm a vulnerability where a localhost.localdomain whitelist entry in valid_host() (scheduler/client.c) in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon ...