CVE-2015-1158

HIGH Year: 2015
CVSS v2 Score
10.0
Critical
Weakness Type
CWE-254
View all →

Vulnerability Description

The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.

Related Vulnerabilities

CVE-2016-5788

CRITICAL
CVSS:10.0(Critical)

General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via ...

CWE-2542016

CVE-2011-3145

CRITICAL
CVSS:9.8(Critical)

When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of th...

CWE-2542011

CVE-2011-4889

CRITICAL
CVSS:9.8(Critical)

The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does n...

CWE-2542011

CVE-2014-5334

CRITICAL
CVSS:9.8(Critical)

FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login.

CWE-2542014

CVE-2015-6473

CRITICAL
CVSS:9.8(Critical)

WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.

CWE-2542015

CVE-2015-7554

CRITICAL
CVSS:9.8(Critical)

The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field dat...

CWE-2542015