4 matches found
cups: OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
A flaw was found in OpenPrinting CUPS. An unauthorized client can exploit this vulnerability by sending a specially crafted print job to a shared PostScript queue without authentication. The server improperly handles the page-border value, allowing an attacker to embed and reparse malicious text ...
cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes
A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server,...
SUSE CVE-2013-6891
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf...
Apple macOS Print Server Message Content Replacement Vulnerability
macOS is Apple's proprietary operating system for the Mac line of products. A print server message content replacement vulnerability exists in the CUPS component in Apple macOS Sierra 10.12.6, macOS High Sierra 10.13.6. In certain configurations, a remote attacker can exploit this vulnerability t...