| Max CVSS | 9.3 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2010-2941 | 9.3 |
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbi
|
02-02-2024 - 16:35 | 05-11-2010 - 17:00 | |
| CVE-2012-5519 | 7.2 |
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary
|
13-02-2023 - 00:26 | 20-11-2012 - 00:55 | |
| CVE-2011-2896 | 5.1 |
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in
|
07-02-2022 - 18:44 | 19-08-2011 - 17:55 | |
| CVE-2015-1159 | 4.3 |
Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.
|
23-09-2017 - 01:29 | 26-06-2015 - 10:59 | |
| CVE-2014-5031 | 5.0 |
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
|
07-01-2017 - 03:00 | 29-07-2014 - 14:55 |