CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 0CVE-2008-1033
https://notcve.org/view.php?id=CVE-2008-1033
The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables." El planificador en CUPS en Apple Mac OS X versiones 10.5 anteriores a 10.5.3, cuando el registro de depuración está habilitado y una impresora requiere una contraseña, permite a los atacantes obtener información confidencial (credenciales) mediante la lectura los datos de registro, relacionados con "authentication environment variables." • http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://secunia.com/advisories/30430 http://securitytracker.com/id?1020145 http://www.securityfocus.com/bid/29412 http://www.securityfocus.com/bid/29484 http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/42713 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 0CVE-2008-1374 – cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206
https://notcve.org/view.php?id=CVE-2008-1374
Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888. Desbordamiento de entero en el filtro pdftops de CUPS en Red Hat Enterprise Linux 3 y 4, cuando corren en plataformas de 64-bits, permite a atacantes remotos ejecutar código de su elección a través de ficheros PDF manipulados. NOTA: esta cuestión es debida a un parche incompleto para CVE-2004-0888. • http://secunia.com/advisories/29630 http://secunia.com/advisories/31388 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0245 http://www.redhat.com/support/errata/RHSA-2008-0206.html http://www.securityfocus.com/archive/1/495164/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/41758 https://issues.rpath.com/browse/RPL-2390 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9636 https://access.redhat.com/security/cve/CVE-2008-1374& • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 21%CPEs: 76EXPL: 0CVE-2008-0053 – cups: buffer overflows in HP-GL/2 filter
https://notcve.org/view.php?id=CVE-2008-0053
Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file. Múltiples desbordamientos de búfer en el filtro HP-GL/2-a-PostScript en CUPS versiones anteriores a 1.3.6, podrían permitir a los atacantes remotos ejecutar código arbitrario por medio de un archivo HP-GL/2 diseñado. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00003.html http://secunia.com/advisories/29420 http://secunia.com/advisories/29573 http://secunia.com/advisories/29603 http://secunia.com/advisories/29630 http://secunia.com/advisories/29634 http://secunia.com/advisories/29655 http://secunia.com/advisories/29659 http://secunia.com/advisories/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 86%CPEs: 3EXPL: 0CVE-2008-0047 – cups: heap based buffer overflow in cgiCompileSearch()
https://notcve.org/view.php?id=CVE-2008-0047
Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions. Un desbordamiento de búfer en la región heap de la memoria en la función cgiCompileSearch en CUPS versión 1.3.5 y otras versiones incluyendo la versión incorporada con Apple Mac OS X versión 10.5.2, cuando el uso compartido de impresoras está habilitado, permite a los atacantes remotos ejecutar código arbitrario por medio de expresiones de búsqueda diseñadas. • http://docs.info.apple.com/article.html?artnum=307562 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=674 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00005.html http://secunia.com/advisories/29420 http://secunia.com/advisories/29431 http://secunia.com/advisories/29448 http://secunia.com/advisories/29485 http://secunia.com/advisories/29573 http://secunia.com/advisories/29603 h • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.3EPSS: 43%CPEs: 6EXPL: 1CVE-2007-5849 – Common UNIX Printing System 1.2/1.3 SNMP - 'asn1_get_string()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-5849
Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow. Un subdesbordamiento de enteros en la función asn1_get_string en el back end de SNMP (backend/snmp.c) para CUPS versiones 1.2 hasta 1.3.4, permite a los atacantes remotos ejecutar código arbitrario por medio de una respuesta SNMP especialmente diseñada que desencadena un desbordamiento de búfer en la región stack de la memoria. • https://www.exploit-db.com/exploits/30898 http://bugs.gentoo.org/show_bug.cgi?id=201570 http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00003.html http://secunia.com/advisories/28113 http://secunia.com/advisories/28129 http://secunia.com/advisories/28136 http://secunia.com/advisories/28200 http://secunia.com/advisories/28386 http:// • CWE-189: Numeric Errors •