VYPR

rpm package

suse/cups&distro=SUSE Linux Enterprise Desktop 12

pkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Desktop%2012

Vulnerabilities (4)

  • CVE-2015-1159Jun 26, 2015
    affected < 1.7.5-9.1fixed 1.7.5-9.1

    Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.

  • CVE-2015-1158Jun 26, 2015
    affected < 1.7.5-9.1fixed 1.7.5-9.1

    The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JO

  • CVE-2014-9679Feb 19, 2015
    affected < 1.7.5-5.1fixed 1.7.5-5.1

    Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.

  • CVE-2012-5519Nov 20, 2012
    affected < 1.7.5-9.1fixed 1.7.5-9.1

    CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging th