Under certain conditions, attackers can chain vulnerabilities in multiple components of the CUPS printing system to execute arbitrary code remotely on Linux machines, but the service is usually not enabled by default, mitigating the risk.
- CVE-2024-47076 (libcupsfilters)
- CVE-2024-47175 (libppd),
- CVE-2024-47176 (cups-browsed)
- CVE-2024-47177 (cups-filters)
"discovered by Simone Margaritelli, these security flaws don't affect systems in their default configuration."
Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible instances.