rpm package
suse/cups&distro=SUSE Linux Enterprise Micro 5.5
pkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Micro%205.5
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-34990 | Hig | 7.8 | < 2.2.7-150000.3.86.1 | 2.2.7-150000.3.86.1 | Apr 3, 2026 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local . | |
| CVE-2025-58436 | — | < 2.2.7-150000.3.77.1 | 2.2.7-150000.3.77.1 | Nov 29, 2025 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other cl | ||
| CVE-2025-61915 | — | < 2.2.7-150000.3.77.1 | 2.2.7-150000.3.77.1 | Nov 29, 2025 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse | ||
| CVE-2025-58364 | — | < 2.2.7-150000.3.72.1 | 2.2.7-150000.3.72.1 | Sep 11, 2025 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability a | ||
| CVE-2025-58060 | — | < 2.2.7-150000.3.72.1 | 2.2.7-150000.3.72.1 | Sep 11, 2025 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This | ||
| CVE-2024-47175 | — | < 2.2.7-150000.3.72.1 | 2.2.7-150000.3.72.1 | Sep 26, 2024 | CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPr | ||
| CVE-2024-35235 | — | < 2.2.7-150000.3.59.1 | 2.2.7-150000.3.59.1 | Jun 11, 2024 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary | ||
| CVE-2023-4504 | — | < 2.2.7-150000.3.51.2 | 2.2.7-150000.3.51.2 | Sep 21, 2023 | Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. | ||
| CVE-2023-32360 | — | < 2.2.7-150000.3.51.2 | 2.2.7-150000.3.51.2 | Jun 23, 2023 | An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents. |
- affected < 2.2.7-150000.3.86.1fixed 2.2.7-150000.3.86.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local .
- CVE-2025-58436Nov 29, 2025affected < 2.2.7-150000.3.77.1fixed 2.2.7-150000.3.77.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other cl
- CVE-2025-61915Nov 29, 2025affected < 2.2.7-150000.3.77.1fixed 2.2.7-150000.3.77.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse
- CVE-2025-58364Sep 11, 2025affected < 2.2.7-150000.3.72.1fixed 2.2.7-150000.3.72.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability a
- CVE-2025-58060Sep 11, 2025affected < 2.2.7-150000.3.72.1fixed 2.2.7-150000.3.72.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This
- CVE-2024-47175Sep 26, 2024affected < 2.2.7-150000.3.72.1fixed 2.2.7-150000.3.72.1
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPr
- CVE-2024-35235Jun 11, 2024affected < 2.2.7-150000.3.59.1fixed 2.2.7-150000.3.59.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary
- CVE-2023-4504Sep 21, 2023affected < 2.2.7-150000.3.51.2fixed 2.2.7-150000.3.51.2
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.
- CVE-2023-32360Jun 23, 2023affected < 2.2.7-150000.3.51.2fixed 2.2.7-150000.3.51.2
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents.