rpm package
suse/cups&distro=SUSE Linux Enterprise Module for Basesystem 15 SP7
pkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-34990 | Hig | 7.8 | < 2.2.7-150000.3.86.1 | 2.2.7-150000.3.86.1 | Apr 3, 2026 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local . | |
| CVE-2025-58436 | — | < 2.2.7-150000.3.77.1 | 2.2.7-150000.3.77.1 | Nov 29, 2025 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other cl | ||
| CVE-2025-61915 | — | < 2.2.7-150000.3.77.1 | 2.2.7-150000.3.77.1 | Nov 29, 2025 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse | ||
| CVE-2025-58364 | — | < 2.2.7-150000.3.72.1 | 2.2.7-150000.3.72.1 | Sep 11, 2025 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability a | ||
| CVE-2025-58060 | — | < 2.2.7-150000.3.72.1 | 2.2.7-150000.3.72.1 | Sep 11, 2025 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This | ||
| CVE-2024-47175 | — | < 2.2.7-150000.3.72.1 | 2.2.7-150000.3.72.1 | Sep 26, 2024 | CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPr |
- affected < 2.2.7-150000.3.86.1fixed 2.2.7-150000.3.86.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local .
- CVE-2025-58436Nov 29, 2025affected < 2.2.7-150000.3.77.1fixed 2.2.7-150000.3.77.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other cl
- CVE-2025-61915Nov 29, 2025affected < 2.2.7-150000.3.77.1fixed 2.2.7-150000.3.77.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse
- CVE-2025-58364Sep 11, 2025affected < 2.2.7-150000.3.72.1fixed 2.2.7-150000.3.72.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability a
- CVE-2025-58060Sep 11, 2025affected < 2.2.7-150000.3.72.1fixed 2.2.7-150000.3.72.1
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This
- CVE-2024-47175Sep 26, 2024affected < 2.2.7-150000.3.72.1fixed 2.2.7-150000.3.72.1
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPr