var-201802-0492
Vulnerability from variot

A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). CUPS Contains vulnerabilities related to security features.Information may be tampered with. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. This vulnerability can be used to execute arbitrary IPP commands. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Bug Fix(es):

  • Gather image registry config (backport to 4.3) (BZ#1836815)

  • Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist (BZ#1849176)

  • Login with OpenShift not working after cluster upgrade (BZ#1852429)

  • Limit the size of gathered federated metrics from alerts in Insights Operator (BZ#1874018)

  • [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs (BZ#1879110)

  • [release 4.3] OpenShift APIs become unavailable for more than 15 minutes after one of master nodes went down(OAuth) (BZ#1880293)

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-x86_64

The image digest is sha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-s390x The image digest is sha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le

The image digest is sha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc

  1. Solution:

For OpenShift Container Platform 4.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel ease-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.3/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):

1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1836815 - Gather image registry config (backport to 4.3) 1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist 1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator 1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized 1879110 - [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: cups security and bug fix update Advisory ID: RHSA-2020:3864-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3864 Issue date: 2020-09-29 CVE Names: CVE-2017-18190 CVE-2019-8675 CVE-2019-8696 ==================================================================== 1. Summary:

An update for cups is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.

Security Fix(es):

  • cups: DNS rebinding attacks via incorrect whitelist (CVE-2017-18190)

  • cups: stack-buffer-overflow in libcups's asn1_get_type function (CVE-2019-8675)

  • cups: stack-buffer-overflow in libcups's asn1_get_packed function (CVE-2019-8696)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the cupsd service will be restarted automatically.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1546395 - CVE-2017-18190 cups: DNS rebinding attacks via incorrect whitelist 1715907 - CUPS- client: cupsGetPPD3() function tries to load PPD from IPP printer and not from the CUPS queue 1738455 - CVE-2019-8675 cups: stack-buffer-overflow in libcups's asn1_get_type function 1738497 - CVE-2019-8696 cups: stack-buffer-overflow in libcups's asn1_get_packed function

  1. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: cups-1.6.3-51.el7.src.rpm

noarch: cups-filesystem-1.6.3-51.el7.noarch.rpm

x86_64: cups-1.6.3-51.el7.x86_64.rpm cups-client-1.6.3-51.el7.x86_64.rpm cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-libs-1.6.3-51.el7.i686.rpm cups-libs-1.6.3-51.el7.x86_64.rpm cups-lpd-1.6.3-51.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-devel-1.6.3-51.el7.i686.rpm cups-devel-1.6.3-51.el7.x86_64.rpm cups-ipptool-1.6.3-51.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: cups-1.6.3-51.el7.src.rpm

noarch: cups-filesystem-1.6.3-51.el7.noarch.rpm

x86_64: cups-1.6.3-51.el7.x86_64.rpm cups-client-1.6.3-51.el7.x86_64.rpm cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-libs-1.6.3-51.el7.i686.rpm cups-libs-1.6.3-51.el7.x86_64.rpm cups-lpd-1.6.3-51.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-devel-1.6.3-51.el7.i686.rpm cups-devel-1.6.3-51.el7.x86_64.rpm cups-ipptool-1.6.3-51.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: cups-1.6.3-51.el7.src.rpm

noarch: cups-filesystem-1.6.3-51.el7.noarch.rpm

ppc64: cups-1.6.3-51.el7.ppc64.rpm cups-client-1.6.3-51.el7.ppc64.rpm cups-debuginfo-1.6.3-51.el7.ppc.rpm cups-debuginfo-1.6.3-51.el7.ppc64.rpm cups-devel-1.6.3-51.el7.ppc.rpm cups-devel-1.6.3-51.el7.ppc64.rpm cups-libs-1.6.3-51.el7.ppc.rpm cups-libs-1.6.3-51.el7.ppc64.rpm cups-lpd-1.6.3-51.el7.ppc64.rpm

ppc64le: cups-1.6.3-51.el7.ppc64le.rpm cups-client-1.6.3-51.el7.ppc64le.rpm cups-debuginfo-1.6.3-51.el7.ppc64le.rpm cups-devel-1.6.3-51.el7.ppc64le.rpm cups-libs-1.6.3-51.el7.ppc64le.rpm cups-lpd-1.6.3-51.el7.ppc64le.rpm

s390x: cups-1.6.3-51.el7.s390x.rpm cups-client-1.6.3-51.el7.s390x.rpm cups-debuginfo-1.6.3-51.el7.s390.rpm cups-debuginfo-1.6.3-51.el7.s390x.rpm cups-devel-1.6.3-51.el7.s390.rpm cups-devel-1.6.3-51.el7.s390x.rpm cups-libs-1.6.3-51.el7.s390.rpm cups-libs-1.6.3-51.el7.s390x.rpm cups-lpd-1.6.3-51.el7.s390x.rpm

x86_64: cups-1.6.3-51.el7.x86_64.rpm cups-client-1.6.3-51.el7.x86_64.rpm cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-devel-1.6.3-51.el7.i686.rpm cups-devel-1.6.3-51.el7.x86_64.rpm cups-libs-1.6.3-51.el7.i686.rpm cups-libs-1.6.3-51.el7.x86_64.rpm cups-lpd-1.6.3-51.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: cups-debuginfo-1.6.3-51.el7.ppc64.rpm cups-ipptool-1.6.3-51.el7.ppc64.rpm

ppc64le: cups-debuginfo-1.6.3-51.el7.ppc64le.rpm cups-ipptool-1.6.3-51.el7.ppc64le.rpm

s390x: cups-debuginfo-1.6.3-51.el7.s390x.rpm cups-ipptool-1.6.3-51.el7.s390x.rpm

x86_64: cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-ipptool-1.6.3-51.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: cups-1.6.3-51.el7.src.rpm

noarch: cups-filesystem-1.6.3-51.el7.noarch.rpm

x86_64: cups-1.6.3-51.el7.x86_64.rpm cups-client-1.6.3-51.el7.x86_64.rpm cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-devel-1.6.3-51.el7.i686.rpm cups-devel-1.6.3-51.el7.x86_64.rpm cups-libs-1.6.3-51.el7.i686.rpm cups-libs-1.6.3-51.el7.x86_64.rpm cups-lpd-1.6.3-51.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-ipptool-1.6.3-51.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2017-18190 https://access.redhat.com/security/cve/CVE-2019-8675 https://access.redhat.com/security/cve/CVE-2019-8696 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBX3OfSNzjgjWX9erEAQip1g//fGQ6FQsoJ/QpnHB9KiGT507Wl0HwxQYz FaaarvC/P+E78cXLDikMs/eIY9dIXeyOZyPja/u4sNSwl/ZwPxqrm7ikV0va3UrE +NciXotVICT59ONqmFwNoBsAkxHG84hDxuhRKe8MDgJQWrOruXsbzxzznQam6s4v etRS7p8TPKDyYCGqQui8WRvFWQtVbtFHGR7Gnz5AMkTFanUqU9dxQu070UbUtkNl 6TpB++/AU9X48a/RkLlt7rgtEAT0eG0VJkPUxhollegIWxTq6ICuKwLcnH7jnphD nY5DEUE7NdP8rPkw9XKnKSlkIR68M3SMDhu/cfvwfj0QzsjzERRNdOIbKiFiV3/w Ayp2r2r9XxWAUXp7Rgm6meRlmNv+lTAyTXLVo3VrtGpU6221vszaiLhlQikqExsu 9DwvLWMyabQrdv+eWCYCRYyz/oiv+j7LjB6sN83baF9nF7WBSTIeTVq3ZgMo/orX vWmaRdN0ozVtKKsVGtns7Cb9UUIpU2h903i3VNa6SJKS1TyiqvkfG7Yq+h63BDyw CB3c0K/3W/KX9GhbqVLM/q45xBPkqCCliSoeibSL+LgbgAXokIXd4Pen9C76h6g2 FsI6JQ/SQ8iPaXDyWd8P7BVANKBIL/tXknRCQSUjC7mGJA372/euzQw98+FYCUzq RML7ea/mqjI=bzrd -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-3577-1 February 21, 2018

cups vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary:

CUPS could be made to provide access to printers over the network.

Software Description: - cups: Common UNIX Printing System(tm)

Details:

Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could potentially exploit this to obtain sensitive information or control printers, via a DNS rebinding attack. (CVE-2017-18190)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: cups 2.1.3-4ubuntu0.4

Ubuntu 14.04 LTS: cups 1.7.2-0ubuntu1.9

In general, a standard system update will make all the necessary changes

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201802-0492",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "cups",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "apple",
        "version": "2.2.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "gnu/linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "debian",
        "version": "7.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012680"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-18190"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-883"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.2.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-18190"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "159661"
      },
      {
        "db": "PACKETSTORM",
        "id": "159343"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-883"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2017-18190",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-18190",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-109288",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-18190",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-18190",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201802-883",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-109288",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-18190",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-109288"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-18190"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012680"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-18190"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-883"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). CUPS Contains vulnerabilities related to security features.Information may be tampered with. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. This vulnerability can be used to execute arbitrary IPP commands. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nBug Fix(es):\n\n* Gather image registry config (backport to 4.3) (BZ#1836815)\n\n* Builds fail after running postCommit script if OCP cluster is configured\nwith a container registry whitelist (BZ#1849176)\n\n* Login with OpenShift not working after cluster upgrade (BZ#1852429)\n\n* Limit the size of gathered federated metrics from alerts in Insights\nOperator (BZ#1874018)\n\n* [4.3] Storage operator stops reconciling when going Upgradeable=False on\nv1alpha1 CRDs (BZ#1879110)\n\n* [release 4.3] OpenShift APIs become unavailable for more than 15 minutes\nafter one of master nodes went down(OAuth) (BZ#1880293)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-x86_64\n\nThe image digest is\nsha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc\n\n(For s390x architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-s390x\nThe image digest is\nsha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64\n\n(For ppc64le architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le\n\nThe image digest is\nsha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc\n\n3. Solution:\n\nFor OpenShift Container Platform 4.3 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.3/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1836815 - Gather image registry config (backport to 4.3)\n1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist\n1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator\n1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized\n1879110 - [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: cups security and bug fix update\nAdvisory ID:       RHSA-2020:3864-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:3864\nIssue date:        2020-09-29\nCVE Names:         CVE-2017-18190 CVE-2019-8675 CVE-2019-8696\n====================================================================\n1. Summary:\n\nAn update for cups is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\nfor Linux, UNIX, and similar operating systems. \n\nSecurity Fix(es):\n\n* cups: DNS rebinding attacks via incorrect whitelist (CVE-2017-18190)\n\n* cups: stack-buffer-overflow in libcups\u0027s asn1_get_type function\n(CVE-2019-8675)\n\n* cups: stack-buffer-overflow in libcups\u0027s asn1_get_packed function\n(CVE-2019-8696)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.9 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the cupsd service will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1546395 - CVE-2017-18190 cups: DNS rebinding attacks via incorrect whitelist\n1715907 - CUPS- client: cupsGetPPD3() function tries to load PPD from IPP printer and not from the CUPS queue\n1738455 - CVE-2019-8675 cups: stack-buffer-overflow in libcups\u0027s asn1_get_type function\n1738497 - CVE-2019-8696 cups: stack-buffer-overflow in libcups\u0027s asn1_get_packed function\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ncups-1.6.3-51.el7.src.rpm\n\nnoarch:\ncups-filesystem-1.6.3-51.el7.noarch.rpm\n\nx86_64:\ncups-1.6.3-51.el7.x86_64.rpm\ncups-client-1.6.3-51.el7.x86_64.rpm\ncups-debuginfo-1.6.3-51.el7.i686.rpm\ncups-debuginfo-1.6.3-51.el7.x86_64.rpm\ncups-libs-1.6.3-51.el7.i686.rpm\ncups-libs-1.6.3-51.el7.x86_64.rpm\ncups-lpd-1.6.3-51.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\ncups-debuginfo-1.6.3-51.el7.i686.rpm\ncups-debuginfo-1.6.3-51.el7.x86_64.rpm\ncups-devel-1.6.3-51.el7.i686.rpm\ncups-devel-1.6.3-51.el7.x86_64.rpm\ncups-ipptool-1.6.3-51.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ncups-1.6.3-51.el7.src.rpm\n\nnoarch:\ncups-filesystem-1.6.3-51.el7.noarch.rpm\n\nx86_64:\ncups-1.6.3-51.el7.x86_64.rpm\ncups-client-1.6.3-51.el7.x86_64.rpm\ncups-debuginfo-1.6.3-51.el7.i686.rpm\ncups-debuginfo-1.6.3-51.el7.x86_64.rpm\ncups-libs-1.6.3-51.el7.i686.rpm\ncups-libs-1.6.3-51.el7.x86_64.rpm\ncups-lpd-1.6.3-51.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\ncups-debuginfo-1.6.3-51.el7.i686.rpm\ncups-debuginfo-1.6.3-51.el7.x86_64.rpm\ncups-devel-1.6.3-51.el7.i686.rpm\ncups-devel-1.6.3-51.el7.x86_64.rpm\ncups-ipptool-1.6.3-51.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ncups-1.6.3-51.el7.src.rpm\n\nnoarch:\ncups-filesystem-1.6.3-51.el7.noarch.rpm\n\nppc64:\ncups-1.6.3-51.el7.ppc64.rpm\ncups-client-1.6.3-51.el7.ppc64.rpm\ncups-debuginfo-1.6.3-51.el7.ppc.rpm\ncups-debuginfo-1.6.3-51.el7.ppc64.rpm\ncups-devel-1.6.3-51.el7.ppc.rpm\ncups-devel-1.6.3-51.el7.ppc64.rpm\ncups-libs-1.6.3-51.el7.ppc.rpm\ncups-libs-1.6.3-51.el7.ppc64.rpm\ncups-lpd-1.6.3-51.el7.ppc64.rpm\n\nppc64le:\ncups-1.6.3-51.el7.ppc64le.rpm\ncups-client-1.6.3-51.el7.ppc64le.rpm\ncups-debuginfo-1.6.3-51.el7.ppc64le.rpm\ncups-devel-1.6.3-51.el7.ppc64le.rpm\ncups-libs-1.6.3-51.el7.ppc64le.rpm\ncups-lpd-1.6.3-51.el7.ppc64le.rpm\n\ns390x:\ncups-1.6.3-51.el7.s390x.rpm\ncups-client-1.6.3-51.el7.s390x.rpm\ncups-debuginfo-1.6.3-51.el7.s390.rpm\ncups-debuginfo-1.6.3-51.el7.s390x.rpm\ncups-devel-1.6.3-51.el7.s390.rpm\ncups-devel-1.6.3-51.el7.s390x.rpm\ncups-libs-1.6.3-51.el7.s390.rpm\ncups-libs-1.6.3-51.el7.s390x.rpm\ncups-lpd-1.6.3-51.el7.s390x.rpm\n\nx86_64:\ncups-1.6.3-51.el7.x86_64.rpm\ncups-client-1.6.3-51.el7.x86_64.rpm\ncups-debuginfo-1.6.3-51.el7.i686.rpm\ncups-debuginfo-1.6.3-51.el7.x86_64.rpm\ncups-devel-1.6.3-51.el7.i686.rpm\ncups-devel-1.6.3-51.el7.x86_64.rpm\ncups-libs-1.6.3-51.el7.i686.rpm\ncups-libs-1.6.3-51.el7.x86_64.rpm\ncups-lpd-1.6.3-51.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\ncups-debuginfo-1.6.3-51.el7.ppc64.rpm\ncups-ipptool-1.6.3-51.el7.ppc64.rpm\n\nppc64le:\ncups-debuginfo-1.6.3-51.el7.ppc64le.rpm\ncups-ipptool-1.6.3-51.el7.ppc64le.rpm\n\ns390x:\ncups-debuginfo-1.6.3-51.el7.s390x.rpm\ncups-ipptool-1.6.3-51.el7.s390x.rpm\n\nx86_64:\ncups-debuginfo-1.6.3-51.el7.x86_64.rpm\ncups-ipptool-1.6.3-51.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ncups-1.6.3-51.el7.src.rpm\n\nnoarch:\ncups-filesystem-1.6.3-51.el7.noarch.rpm\n\nx86_64:\ncups-1.6.3-51.el7.x86_64.rpm\ncups-client-1.6.3-51.el7.x86_64.rpm\ncups-debuginfo-1.6.3-51.el7.i686.rpm\ncups-debuginfo-1.6.3-51.el7.x86_64.rpm\ncups-devel-1.6.3-51.el7.i686.rpm\ncups-devel-1.6.3-51.el7.x86_64.rpm\ncups-libs-1.6.3-51.el7.i686.rpm\ncups-libs-1.6.3-51.el7.x86_64.rpm\ncups-lpd-1.6.3-51.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\ncups-debuginfo-1.6.3-51.el7.x86_64.rpm\ncups-ipptool-1.6.3-51.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-18190\nhttps://access.redhat.com/security/cve/CVE-2019-8675\nhttps://access.redhat.com/security/cve/CVE-2019-8696\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX3OfSNzjgjWX9erEAQip1g//fGQ6FQsoJ/QpnHB9KiGT507Wl0HwxQYz\nFaaarvC/P+E78cXLDikMs/eIY9dIXeyOZyPja/u4sNSwl/ZwPxqrm7ikV0va3UrE\n+NciXotVICT59ONqmFwNoBsAkxHG84hDxuhRKe8MDgJQWrOruXsbzxzznQam6s4v\netRS7p8TPKDyYCGqQui8WRvFWQtVbtFHGR7Gnz5AMkTFanUqU9dxQu070UbUtkNl\n6TpB++/AU9X48a/RkLlt7rgtEAT0eG0VJkPUxhollegIWxTq6ICuKwLcnH7jnphD\nnY5DEUE7NdP8rPkw9XKnKSlkIR68M3SMDhu/cfvwfj0QzsjzERRNdOIbKiFiV3/w\nAyp2r2r9XxWAUXp7Rgm6meRlmNv+lTAyTXLVo3VrtGpU6221vszaiLhlQikqExsu\n9DwvLWMyabQrdv+eWCYCRYyz/oiv+j7LjB6sN83baF9nF7WBSTIeTVq3ZgMo/orX\nvWmaRdN0ozVtKKsVGtns7Cb9UUIpU2h903i3VNa6SJKS1TyiqvkfG7Yq+h63BDyw\nCB3c0K/3W/KX9GhbqVLM/q45xBPkqCCliSoeibSL+LgbgAXokIXd4Pen9C76h6g2\nFsI6JQ/SQ8iPaXDyWd8P7BVANKBIL/tXknRCQSUjC7mGJA372/euzQw98+FYCUzq\nRML7ea/mqjI=bzrd\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-3577-1\nFebruary 21, 2018\n\ncups vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nCUPS could be made to provide access to printers over the network. \n\nSoftware Description:\n- cups: Common UNIX Printing System(tm)\n\nDetails:\n\nJann Horn discovered that CUPS permitted HTTP requests with the Host\nheader set to \"localhost.localdomain\" from the loopback interface. If a\nuser were tricked in to opening a specially crafted website in their web\nbrowser, an attacker could potentially exploit this to obtain sensitive\ninformation or control printers, via a DNS rebinding attack. \n(CVE-2017-18190)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  cups                            2.1.3-4ubuntu0.4\n\nUbuntu 14.04 LTS:\n  cups                            1.7.2-0ubuntu1.9\n\nIn general, a standard system update will make all the necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-18190"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012680"
      },
      {
        "db": "VULHUB",
        "id": "VHN-109288"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-18190"
      },
      {
        "db": "PACKETSTORM",
        "id": "159661"
      },
      {
        "db": "PACKETSTORM",
        "id": "159343"
      },
      {
        "db": "PACKETSTORM",
        "id": "146494"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-109288",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-109288"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-18190",
        "trust": 2.9
      },
      {
        "db": "PACKETSTORM",
        "id": "159343",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "159661",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012680",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-883",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3631",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3376",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "146494",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-109288",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-18190",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-109288"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-18190"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012680"
      },
      {
        "db": "PACKETSTORM",
        "id": "159661"
      },
      {
        "db": "PACKETSTORM",
        "id": "159343"
      },
      {
        "db": "PACKETSTORM",
        "id": "146494"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-18190"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-883"
      }
    ]
  },
  "id": "VAR-201802-0492",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-109288"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:27:48.891000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "[SECURITY] [DLA 1288-1] cups security update",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00023.html"
      },
      {
        "title": "Don\u0027t treat \"localhost.localdomain\" as an allowed replacement for localhost, since it isn\u0027t.",
        "trust": 0.8,
        "url": "https://github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41"
      },
      {
        "title": "Apple CUPS Fixing measures for security feature vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92097"
      },
      {
        "title": "Ubuntu Security Notice: cups vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3577-1"
      },
      {
        "title": "Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204264 - security advisory"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-18190"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012680"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-883"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-290",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-254",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-109288"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012680"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-18190"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://usn.ubuntu.com/3577-1/"
      },
      {
        "trust": 1.8,
        "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1048"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00023.html"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18190"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18190"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159661/red-hat-security-advisory-2020-4264-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3376/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159343/red-hat-security-advisory-2020-3864-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3631/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8696"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-8675"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2017-18190"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/290.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp2-cve-2017-18190"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:4264"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12749"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-2974"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19126"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17023"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-6829"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12652"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12403"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20388"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11756"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12243"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18197"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5482"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14973"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17498"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-18197"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7595"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17006"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2226"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2780"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16935"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5094"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19956"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-12450"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2974"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2752"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20386"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2574"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17546"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14352"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14822"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14822"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12400"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11727"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-15903"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2225"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5482"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8492"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12825"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-20843"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14973"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12402"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2181"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5188"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-12652"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12401"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2182"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17546"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11719"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.3/updating/updating-cluster"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14866"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20386"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24750"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2224"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5094"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5188"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9283"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19126"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11068"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2812"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8675"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8696"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3864"
      },
      {
        "trust": 0.1,
        "url": "https://www.ubuntu.com/usn/usn-3577-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.9"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/cups/2.1.3-4ubuntu0.4"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-109288"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-18190"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012680"
      },
      {
        "db": "PACKETSTORM",
        "id": "159661"
      },
      {
        "db": "PACKETSTORM",
        "id": "159343"
      },
      {
        "db": "PACKETSTORM",
        "id": "146494"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-18190"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-883"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-109288"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-18190"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012680"
      },
      {
        "db": "PACKETSTORM",
        "id": "159661"
      },
      {
        "db": "PACKETSTORM",
        "id": "159343"
      },
      {
        "db": "PACKETSTORM",
        "id": "146494"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-18190"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-883"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-02-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-109288"
      },
      {
        "date": "2018-02-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-18190"
      },
      {
        "date": "2018-04-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-012680"
      },
      {
        "date": "2020-10-21T15:40:32",
        "db": "PACKETSTORM",
        "id": "159661"
      },
      {
        "date": "2020-09-30T15:42:35",
        "db": "PACKETSTORM",
        "id": "159343"
      },
      {
        "date": "2018-02-20T22:25:00",
        "db": "PACKETSTORM",
        "id": "146494"
      },
      {
        "date": "2018-02-16T17:29:00.217000",
        "db": "NVD",
        "id": "CVE-2017-18190"
      },
      {
        "date": "2018-02-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201802-883"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-109288"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-18190"
      },
      {
        "date": "2018-04-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-012680"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-18190"
      },
      {
        "date": "2020-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201802-883"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-883"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CUPS Vulnerabilities related to security functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012680"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "security feature problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-883"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.