NotCVE - vendor:"Apple" product:"Cups" version:"1.7.4"

Page 2 of 14 results (0.003 seconds)

CVSS: 9.8EPSS: 5%CPEs: 9EXPL: 0

CVE-2014-9679 – cups: cupsRasterReadPixels buffer overflow

https://notcve.org/view.php?id=CVE-2014-9679

19 Feb 2015 — Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. Desbordamiento de enteros en la función cupsRasterReadPixels en filter/raster.c en CUPS anterior a 2.0.2 permite a atacantes remotos tener un impacto no especificado a través de un fichero de raster comprimido malformado, lo que provoca un desbordamiento de buffer. An integer overflow flaw, ... • http://advisories.mageia.org/MGASA-2015-0067.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0

CVE-2014-5029 – cups: Incomplete fix for CVE-2014-3537

https://notcve.org/view.php?id=CVE-2014-5029

28 Jul 2014 — The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537. La interfaz web en CUPS 1.7.4 permite a usuarios locales en el grupo lp leer ficheros arbitrarios a través de un ataque de enlace simbólico sobre un fichero en /var/cache/cups/rss/ y language[0] configurado a nulo. NOTA: esta vulnerabilidad existe debido a ... • http://advisories.mageia.org/MGASA-2014-0313.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 5.4EPSS: 0%CPEs: 10EXPL: 0

CVE-2014-5030 – cups: allows local users to read arbitrary files via a symlink attack

https://notcve.org/view.php?id=CVE-2014-5030

28 Jul 2014 — CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. CUPS anterior a 2.0 permite a usuarios locales leer ficheros arbitrarios a través de un ataque de enlace simbólico sobre (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc o (6) index.py. It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. ... • http://advisories.mageia.org/MGASA-2014-0313.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 5.4EPSS: 1%CPEs: 10EXPL: 0

CVE-2014-5031 – cups: world-readable permissions

https://notcve.org/view.php?id=CVE-2014-5031

28 Jul 2014 — The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors. La interfaz web en CUPS anterior a 2.0 no comprueba que los ficheros tienen permisos de lectura universal, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cup... • http://advisories.mageia.org/MGASA-2014-0313.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-264: Permissions, Privileges, and Access Controls •

1 2