Cups Security Vulnerabilities and Issues — Cups CVE List

Lucene search

AppleCups

8 matches found

CVE•added 2019/04/03 6:29 p.m.•496 views

CVE-2018-4300

The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.

5.9CVSS5.7AI score0.00381EPSS

CVE•added 2014/07/29 2:55 p.m.•328 views

CVE-2014-5031

The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.

5CVSS7.1AI score0.01618EPSS

CVE•added 2018/03/26 5:29 p.m.•274 views

CVE-2017-18248

The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.

5.3CVSS5.3AI score0.01137EPSS

CVE•added 2011/08/19 5:55 p.m.•120 views

CVE-2011-2896

The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte functio...

5.1CVSS7.3AI score0.09814EPSS

CVE•added 2011/08/19 5:55 p.m.•93 views

CVE-2011-3170

The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than C...

5.1CVSS9.6AI score0.07686EPSS

CVE•added 2010/06/22 8:30 p.m.•77 views

CVE-2010-2432

The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses.

5CVSS8.9AI score0.00829EPSS

CVE•added 2007/07/27 10:30 p.m.•57 views

CVE-2007-4045

The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation.

5CVSS7.4AI score0.21696EPSS

CVE•added 2009/06/09 5:30 p.m.•52 views

CVE-2009-1196

The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw."

5CVSS7.2AI score0.01284EPSS