Lucene search
+L

95 matches found

OSV
OSV
added 2016/04/14 2:59 p.m.11 views

CVE-2015-8560

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; semicolon character in a print job, a different vulnerability than CVE-2015-8327...

7.3CVSS7.6AI score
Exploits0References10
Prion
Prion
added 2016/04/14 2:59 p.m.14 views

Input validation

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; semicolon character in a print job, a different vulnerability than CVE-2015-8327...

7.5CVSS7.6AI score0.10171EPSS
Exploits0References10Affected Software4
CVE
CVE
added 2016/04/14 2:0 p.m.118 views

CVE-2015-8560

CVE-2015-8560 describes an incomplete blacklist vulnerability in foomatic-rip (util.c) used by cups-filters 1.0.42 and in foomatic-filters (Foomatic 4.0.x). The issue allows remote attackers to execute arbitrary commands by injecting a ; (semicolon) in a print job. Root cause is failure to fully ...

7.5CVSS7.5AI score0.05251EPSS
Exploits0References10Affected Software1
Debian CVE
Debian CVE
added 2016/04/14 2:0 p.m.21 views

CVE-2015-8560

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; semicolon character in a print job, a different vulnerability than CVE-2015-8327...

7.5CVSS7.9AI score0.05251EPSS
Exploits0
CNVD
CNVD
added 2016/03/24 12:0 a.m.4 views

foomatic-rip memory corruption vulnerability

Foomatic is a database-driven printing system developed by the Linux Foundation's OpenPrinting Working Group, which integrates a general-purpose back-end printing system for Unix with an open-source printer driver. foomatic-rip a.k.a. foomatic-filters is an internal component that helps the...

9.8CVSS7.3AI score0.05483EPSS
Exploits0References1
CNVD
CNVD
added 2016/03/24 12:0 a.m.4 views

foomatic-rip Arbitrary Command Execution Vulnerability

Foomatic is a database-driven printing system developed by the Linux Foundation's OpenPrinting Working Group, which integrates a general-purpose back-end printing system for Unix with an open-source printer driver. foomatic-rip a.k.a. foomatic-filters is an internal component that helps the...

7.5CVSS7.3AI score0.05251EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/03/24 12:0 a.m.27 views

Scientific Linux Security Update : foomatic on SL6.x i386/x86_64 (20160323)

It was discovered that the unhtmlify function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. CVE-2010-5325 It was...

9.8CVSS8.1AI score0.10171EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2016/03/22 9:2 p.m.9 views

cups-filters: foomatic-rip did not consider semicolon as illegal shell escape character

It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands...

7.5CVSS7.4AI score0.05251EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2016/03/22 9:2 p.m.6 views

cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character

It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands...

7.5CVSS7.4AI score0.10171EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/03/22 9:2 p.m.5 views

foomatic: potential remote arbitrary code execution

It was discovered that the unhtmlify function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code...

9.8CVSS6.2AI score0.05483EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2016/03/22 12:0 a.m.46 views

foomatic security update

4.0.4-5 - Also consider back tick and semicolon as illegal shell escape characters. - CVE-2015-8327, CVE-2015-8560 4.0.4-4 - Prevent foomatic-rip overrun bug 1214534...

7.5CVSS2.7AI score0.10171EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/01/18 12:0 a.m.5 views

The vulnerability of the Foomatic printing filter and the Ubuntu operating system allows a hacker to execute arbitrary commands.

The vulnerability of the foomatic-rip component util.c in the cups-filters package in Foomatic printing and the Ubuntu operating system is related to the use of an incomplete blacklist. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the quotation mark...

7.5CVSS7.6AI score0.10171EPSS
Exploits0References12Affected Software2
NVD
NVD
added 2015/12/17 7:59 p.m.19 views

CVE-2015-8327

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via backtick characters in a print job...

7.5CVSS7.6AI score0.10171EPSS
Exploits0References13
Prion
Prion
added 2015/12/17 7:59 p.m.16 views

Input validation

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via backtick characters in a print job...

7.5CVSS7.5AI score0.10171EPSS
Exploits0References13Affected Software9
CVE
CVE
added 2015/12/17 7:0 p.m.122 views

CVE-2015-8327

CVE-2015-8327 is an incomplete blacklist vulnerability in util.c of the foomatic-rip component in cups-filters (and in foomatic-filters/Foomatic). It allows remote attackers to execute arbitrary commands via backtick characters in a print job. Affected are cups-filters 1.0.42 before 1.2.0 and Foo...

7.5CVSS7.5AI score0.10171EPSS
Exploits0References13Affected Software5
Ubuntu
Ubuntu
added 2015/12/16 5:20 p.m.54 views

USN-2838-1: cups-filters vulnerability

Adam Chester discovered that the cups-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user...

7.5CVSS8AI score0.05251EPSS
Exploits0
OSV
OSV
added 2015/12/16 5:20 p.m.5 views

USN-2838-1 cups-filters vulnerability

Adam Chester discovered that the cups-filters foomatic-rip filter incorrectly stripped shell escape characters. A remote attacker could possibly use this issue to execute arbitrary code as the lp user...

7.5CVSS7.5AI score0.05251EPSS
Exploits0References2
Debian
Debian
added 2015/12/15 5:9 p.m.43 views

[SECURITY] [DSA 3419-1] cups-filters security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3419-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 15, 2015 https://www.debian.org/security/faq -...

7.5CVSS7.2AI score0.05251EPSS
Exploits0
OpenVAS
OpenVAS
added 2015/12/15 12:0 a.m.30 views

Debian Security Advisory DSA 3419-1 (cups-filters - security update)

Adam Chester discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands. OpenVAS Vulnerability Test $Id: deb3419.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3419-1 using nvtgen 1.0 Script version: 1....

7.5CVSS0.5AI score0.05251EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2015/12/15 12:0 a.m.23 views

CVE-2015-8560

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; semicolon character in a print job, a different vulnerability than CVE-2015-8327...

7.5CVSS7.4AI score0.05251EPSS
Exploits0References4
Rows per page
Query Builder