Search CVE reports
51 – 60 of 135 results
CVE-2014-2856
Medium priorityCross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.
1 affected package
cups
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |
CVE-2014-2707
High prioritycups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."
1 affected package
cups-filters
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups-filters | — | — | — | — | — |
CVE-2013-6476
Medium priorityThe OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.
2 affected packages
cups, cups-filters
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |
cups-filters | — | — | — | — | — |
CVE-2013-6475
Medium priorityMultiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers...
2 affected packages
cups, cups-filters
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |
cups-filters | — | — | — | — | — |
CVE-2013-6474
Medium priorityHeap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.
2 affected packages
cups, cups-filters
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |
cups-filters | — | — | — | — | — |
CVE-2013-6473
Medium priorityMultiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file.
2 affected packages
cups, cups-filters
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |
cups-filters | — | — | — | — | — |
CVE-2013-6891
Medium prioritylppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.
1 affected package
cups
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |
CVE-2012-4510
Medium prioritySome fixes available 3 of 4
cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources.
1 affected package
cups-pk-helper
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups-pk-helper | — | — | — | — | — |
CVE-2012-5519
Medium priorityCUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read...
2 affected packages
cups, cupsys
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |
cupsys | — | — | — | — | — |
CVE-2011-3170
Medium prioritySome fixes available 4 of 35
The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute...
4 affected packages
cups, cupsys, gimp, swi-prolog
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | Not affected | Not affected | Not affected | Not affected | Not affected |
cupsys | Not in release | Not in release | Not in release | Not in release | Not in release |
gimp | Not affected | Not affected | Not affected | Not affected | Not affected |
swi-prolog | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |