Filtered by vendor Linuxfoundation
Subscriptions
Total
267 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-6473 | 2 Canonical, Linuxfoundation | 2 Ubuntu Linux, Cups-filters | 2024-08-06 | N/A |
Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file. | ||||
CVE-2013-6475 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-08-06 | N/A |
Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow. | ||||
CVE-2014-4336 | 1 Linuxfoundation | 1 Cups-filters | 2024-08-06 | N/A |
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | ||||
CVE-2014-4337 | 2 Linuxfoundation, Redhat | 2 Cups-filters, Enterprise Linux | 2024-08-06 | N/A |
The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data. | ||||
CVE-2014-4338 | 2 Linuxfoundation, Redhat | 2 Cups-filters, Enterprise Linux | 2024-08-06 | N/A |
cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses. | ||||
CVE-2014-2707 | 1 Linuxfoundation | 1 Cups-filters | 2024-08-06 | N/A |
cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues." | ||||
CVE-2015-8560 | 4 Canonical, Debian, Linuxfoundation and 1 more | 5 Ubuntu Linux, Debian Linux, Cups-filters and 2 more | 2024-08-06 | N/A |
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327. | ||||
CVE-2015-8327 | 4 Canonical, Debian, Linuxfoundation and 1 more | 10 Ubuntu Linux, Debian Linux, Cups-filters and 7 more | 2024-08-06 | N/A |
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. | ||||
CVE-2015-3279 | 4 Canonical, Debian, Linuxfoundation and 1 more | 4 Ubuntu Linux, Debian Linux, Cups-filters and 1 more | 2024-08-06 | N/A |
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow. | ||||
CVE-2015-3258 | 4 Canonical, Debian, Linuxfoundation and 1 more | 4 Ubuntu Linux, Debian Linux, Cups-filters and 1 more | 2024-08-06 | N/A |
Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job. | ||||
CVE-2015-2265 | 2 Canonical, Linuxfoundation | 2 Ubuntu Linux, Cups-filters | 2024-08-06 | N/A |
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | ||||
CVE-2015-1857 | 1 Linuxfoundation | 1 Opendaylight | 2024-08-06 | 5.3 Medium |
The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote attackers to obtain sensitive information by leveraging missing AAA restrictions. | ||||
CVE-2016-3697 | 4 Docker, Linuxfoundation, Opensuse and 1 more | 4 Docker, Runc, Opensuse and 1 more | 2024-08-06 | 7.8 High |
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. | ||||
CVE-2017-17697 | 1 Linuxfoundation | 1 Harbor | 2024-08-05 | 8.6 High |
The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. | ||||
CVE-2018-6336 | 1 Linuxfoundation | 1 Osquery | 2024-08-05 | 7.8 High |
An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. This issue affects osquery prior to v3.2.7 | ||||
CVE-2019-1010250 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-08-05 | N/A |
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity. | ||||
CVE-2019-1010245 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-08-05 | N/A |
The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A remote attacker can execute arbitrary commands on the controller. The component is: apps/yang/src/main/java/org/onosproject/yang/impl/YangLiveCompilerManager.java. The attack vector is: network connectivity. The fixed version is: 1.15. | ||||
CVE-2019-1010234 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-08-05 | N/A |
The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely execute any commands by sending malicious http request to the controller. The component is: Method runJavaCompiler in YangLiveCompilerManager.java. The attack vector is: network connectivity. | ||||
CVE-2019-1010249 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-08-05 | N/A |
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity. | ||||
CVE-2019-1010252 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-08-05 | N/A |
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is: network management and connectivity. |