A critical set of unauthenticated Remote Code Execution (RCE) vulnerabilities in CUPS, affecting all GNU/Linux systems and potentially others, was disclosed today. These vulnerabilities allow a remote attacker to execute arbitrary code on a target system without valid credentials or prior access. Major organizations like Canonical and Red Hat have confirmed this flaw, assigning it a high severity with a CVSS score of 9.9 out of 10.
https://blog.qualys.com/vulnerabilities ... ng-systems