Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Cups Security Vulnerabilities - CVSS Score 5 - 6

cve
cve

CVE-2007-4045

The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation.

7.4AI Score

0.03EPSS

2007-07-27 10:30 PM
35
cve
cve

CVE-2009-1196

The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw."

7.2AI Score

0.051EPSS

2009-06-09 05:30 PM
39
4
cve
cve

CVE-2010-2432

The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses.

8.9AI Score

0.006EPSS

2010-06-22 08:30 PM
59
cve
cve

CVE-2011-2896

The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte functio...

7.3AI Score

0.103EPSS

2011-08-19 05:55 PM
99
cve
cve

CVE-2011-3170

The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than C...

9.6AI Score

0.557EPSS

2011-08-19 05:55 PM
67
cve
cve

CVE-2014-5031

The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.

7.1AI Score

0.005EPSS

2014-07-29 02:55 PM
240
cve
cve

CVE-2017-18248

The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.

5.3CVSS

5.3AI Score

0.016EPSS

2018-03-26 05:29 PM
245
2
cve
cve

CVE-2018-4300

The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.

5.9CVSS

5.7AI Score

0.002EPSS

2019-04-03 06:29 PM
458
3