Max CVSS | 9.3 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2010-2941 | 9.3 |
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbi
|
02-02-2024 - 16:35 | 05-11-2010 - 17:00 | |
CVE-2012-5519 | 7.2 |
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary
|
13-02-2023 - 00:26 | 20-11-2012 - 00:55 | |
CVE-2011-2896 | 5.1 |
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in
|
07-02-2022 - 18:44 | 19-08-2011 - 17:55 | |
CVE-2020-3898 | 4.6 |
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges.
|
21-07-2021 - 11:39 | 22-10-2020 - 18:15 | |
CVE-2019-8696 | 6.5 |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execu
|
30-10-2020 - 02:22 | 27-10-2020 - 20:15 | |
CVE-2018-4700 | 5.0 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-4300. Reason: This candidate is a duplicate of CVE-2018-4300. Notes: All CVE users should reference CVE-2018-4300 instead of this candidate. All references and descriptions in this c
|
05-08-2019 - 19:15 | 05-08-2019 - 19:15 | |
CVE-2015-1159 | 4.3 |
Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.
|
23-09-2017 - 01:29 | 26-06-2015 - 10:59 | |
CVE-2014-5031 | 5.0 |
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
|
07-01-2017 - 03:00 | 29-07-2014 - 14:55 |