CVSS: 4.3EPSS: 0%CPEs: 111EXPL: 0CVE-2014-2856 – cups: cross-site scripting flaw fixed in the 1.7.2 release
https://notcve.org/view.php?id=CVE-2014-2856
Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function. Vulnerabilidad de XSS en scheduler/client.c en Common Unix Printing System (CUPS) anterior a 1.7.2 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de la ruta de URL, relacionado con la función is_path_absolute. A cross-site scripting (XSS) flaw was found in the CUPS web interface. An attacker could use this flaw to perform a cross-site scripting attack against users of the CUPS web interface. • http://advisories.mageia.org/MGASA-2014-0193.html http://rhn.redhat.com/errata/RHSA-2014-1388.html http://secunia.com/advisories/57880 http://www.cups.org/documentation.php/relnotes.html http://www.cups.org/str.php?L4356 http://www.mandriva.com/security/advisories?name=MDVSA-2015:108 http://www.openwall.com/lists/oss-security/2014/04/14/2 http://www.openwall.com/lists/oss-security/2014/04/15/3 http://www.securityfocus.com/bid/66788 http://www.ubuntu.com/u • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 1.2EPSS: 0%CPEs: 6EXPL: 1CVE-2013-6891
https://notcve.org/view.php?id=CVE-2013-6891
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. lppasswd en CUPS anteriores a 1.7.1, cuando se ejecuta con privilegios setuid, permite a usuarios locales leer porciones de archivos arbitrarios a través de una variable de entorno HOME modificada y un ataque symlink que involucra .cups/client.conf • http://advisories.mageia.org/MGASA-2014-0021.html http://secunia.com/advisories/56531 http://www.cups.org/blog.php?L704 http://www.cups.org/str.php?L4319 http://www.mandriva.com/security/advisories?name=MDVSA-2014:015 http://www.ubuntu.com/usn/USN-2082-1 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 3%CPEs: 4EXPL: 0CVE-2012-6094
https://notcve.org/view.php?id=CVE-2012-6094
cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system La opción "Listen localhost:631" de cups (Common Unix Printing System) no acepto correctamente, que podría proporcionar acceso no autorizado al sistema. • http://www.openwall.com/lists/oss-security/2013/01/04/5 http://www.securityfocus.com/bid/57158 https://access.redhat.com/security/cve/cve-2012-6094 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6094 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6094 https://exchange.xforce.ibmcloud.com/vulnerabilities/82451 https://security-tracker.debian.org/tracker/CVE-2012-6094 • CWE-863: Incorrect Authorization •