
CVE-2014-8166
https://notcve.org/view.php?id=CVE-2014-8166
12 Jan 2018 — The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name. • http://www.openwall.com/lists/oss-security/2015/03/24/15 • CWE-20: Improper Input Validation •

CVE-2015-1158 – CUPS < 2.0.3 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2015-1158
10 Jun 2015 — The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code. • https://packetstorm.news/files/id/140920 • CWE-254: 7PK - Security Features •

CVE-2015-1159 – cups: cross-site scripting flaw in CUPS web UI (VU#810572)
https://notcve.org/view.php?id=CVE-2015-1159
10 Jun 2015 — Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/. A cross-site scripting flaw was found in th... • https://packetstorm.news/files/id/132389 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2014-9679 – cups: cupsRasterReadPixels buffer overflow
https://notcve.org/view.php?id=CVE-2014-9679
19 Feb 2015 — Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. An integer overflow flaw, ... • http://advisories.mageia.org/MGASA-2015-0067.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2014-5029 – cups: Incomplete fix for CVE-2014-3537
https://notcve.org/view.php?id=CVE-2014-5029
28 Jul 2014 — The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537. • http://advisories.mageia.org/MGASA-2014-0313.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2014-5030 – cups: allows local users to read arbitrary files via a symlink attack
https://notcve.org/view.php?id=CVE-2014-5030
28 Jul 2014 — CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. ... • http://advisories.mageia.org/MGASA-2014-0313.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2014-5031 – cups: world-readable permissions
https://notcve.org/view.php?id=CVE-2014-5031
28 Jul 2014 — The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtain sensitive information via unspecified vectors. It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cup... • http://advisories.mageia.org/MGASA-2014-0313.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2014-3537 – cups: insufficient checking leads to privilege escalation
https://notcve.org/view.php?id=CVE-2014-3537
21 Jul 2014 — The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges... • http://advisories.mageia.org/MGASA-2014-0313.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2014-2856 – cups: cross-site scripting flaw fixed in the 1.7.2 release
https://notcve.org/view.php?id=CVE-2014-2856
18 Apr 2014 — Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function. A cross-site scripting (XSS) flaw wa... • http://advisories.mageia.org/MGASA-2014-0193.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2013-6891 – Ubuntu Security Notice USN-2082-1
https://notcve.org/view.php?id=CVE-2013-6891
15 Jan 2014 — lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. • http://advisories.mageia.org/MGASA-2014-0021.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •