Cups@1.4.4 Security Vulnerabilities and Issues — Cups@1.4.4 CVE List

Lucene search

AppleCups1.4.4

3 matches found

CVE•added 2012/11/20 12:55 a.m.•1008 views

CVE-2012-5519

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.

7.2CVSS8.6AI score0.15874EPSS

CVE•added 2014/04/18 2:55 p.m.•241 views

CVE-2014-2856

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.

4.3CVSS6.5AI score0.01035EPSS

CVE•added 2011/08/19 5:55 p.m.•93 views

CVE-2011-3170

The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than C...

5.1CVSS9.6AI score0.07686EPSS