Search CVE reports


Toggle filters

51 – 60 of 135 results


CVE-2014-2856

Medium priority
Fixed

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.

1 affected package

cups

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cups
Show less packages

CVE-2014-2707

High priority
Fixed

cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."

1 affected package

cups-filters

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cups-filters
Show less packages

CVE-2013-6476

Medium priority
Fixed

The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.

2 affected packages

cups, cups-filters

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cups
cups-filters
Show less packages

CVE-2013-6475

Medium priority
Fixed

Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers...

2 affected packages

cups, cups-filters

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cups
cups-filters
Show less packages

CVE-2013-6474

Medium priority
Fixed

Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.

2 affected packages

cups, cups-filters

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cups
cups-filters
Show less packages

CVE-2013-6473

Medium priority
Fixed

Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file.

2 affected packages

cups, cups-filters

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cups
cups-filters
Show less packages

CVE-2013-6891

Medium priority
Fixed

lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.

1 affected package

cups

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cups
Show less packages

CVE-2012-4510

Medium priority

Some fixes available 3 of 4

cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources.

1 affected package

cups-pk-helper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cups-pk-helper
Show less packages

CVE-2012-5519

Medium priority
Fixed

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read...

2 affected packages

cups, cupsys

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cups
cupsys
Show less packages

CVE-2011-3170

Medium priority

Some fixes available 4 of 35

The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute...

4 affected packages

cups, cupsys, gimp, swi-prolog

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cups Not affected Not affected Not affected Not affected Not affected
cupsys Not in release Not in release Not in release Not in release Not in release
gimp Not affected Not affected Not affected Not affected Not affected
swi-prolog Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages