Cups Security Vulnerabilities and Issues — Cups CVE List

Lucene search

AppleCups

6 matches found

CVE•added 2014/07/29 2:55 p.m.•328 views

CVE-2014-5031

The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.

5CVSS7.1AI score0.01618EPSS

CVE•added 2014/04/18 2:55 p.m.•241 views

CVE-2014-2856

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.

4.3CVSS6.5AI score0.01035EPSS

CVE•added 2014/07/29 2:55 p.m.•184 views

CVE-2014-5030

CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.

1.9CVSS7AI score0.00052EPSS

CVE•added 2014/07/23 2:55 p.m.•175 views

CVE-2014-3537

The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.

1.2CVSS7.4AI score0.00053EPSS

CVE•added 2014/01/26 1:55 a.m.•168 views

CVE-2013-6891

lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.

1.2CVSS6AI score0.00054EPSS

CVE•added 2014/07/29 2:55 p.m.•69 views

CVE-2014-5029

The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.

1.5CVSS7.1AI score0.00053EPSS