Vendor CVEs
Linux Foundation
All CVEs
67 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-24595 | | | 0.00 | — | 0.02 | | Mar 18, 2022 | Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP (or WebSocket) request to the socket listened by the… |
| CVE-2020-9301 | | | 0.00 | — | 0.01 | | Dec 11, 2020 | Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within… |
| CVE-2018-20731 | | | 0.00 | — | 0.01 | | Jan 17, 2019 | A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via User-Chat.php. |
| CVE-2018-20729 | | | 0.00 | — | 0.01 | | Jan 17, 2019 | A reflected cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via the reg parameter in mh.php. |
| CVE-2018-20730 | | | 0.00 | — | 0.01 | | Jan 17, 2019 | A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component. |
| CVE-2018-20728 | | | 0.00 | — | 0.01 | | Jan 17, 2019 | A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to escalate privileges via User-Management.php. |
| CVE-2015-2265 | | | 0.00 | — | 0.03 | | Mar 24, 2015 | The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for… |
| CVE-2014-4338 | | | 0.00 | — | 0.03 | | Jun 22, 2014 | cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses. |
| CVE-2014-4337 | | | 0.00 | — | 0.03 | | Jun 22, 2014 | The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data. |
| CVE-2014-4336 | | | 0.00 | — | 0.01 | | Jun 22, 2014 | The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for… |
| CVE-2014-2707 | | | 0.00 | — | 0.01 | | Apr 17, 2014 | cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues." |
| CVE-2013-6476 | | | 0.00 | — | 0.00 | | Mar 14, 2014 | The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file. |
| CVE-2013-6475 | | | 0.00 | — | 0.03 | | Mar 14, 2014 | Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow. |
| CVE-2013-6474 | | | 0.00 | — | 0.03 | | Mar 14, 2014 | Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file. |
| CVE-2013-6473 | | | 0.00 | — | 0.03 | | Mar 14, 2014 | Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file. |
| CVE-2011-2964 | | | 0.00 | — | 0.05 | | Jul 29, 2011 | foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697. |
| CVE-2004-0801 | | | 0.00 | — | 0.04 | | Sep 16, 2004 | Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands. |
Page 2 of 2