rpm package
suse/cups&distro=SUSE Linux Enterprise Server for SAP Applications 12
pkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-1159 | — | | | < 1.7.5-9.1 | 1.7.5-9.1 | Jun 26, 2015 | Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/. |
| CVE-2015-1158 | — | | | < 1.7.5-9.1 | 1.7.5-9.1 | Jun 26, 2015 | The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JO |
| CVE-2014-9679 | — | | | < 1.7.5-5.1 | 1.7.5-5.1 | Feb 19, 2015 | Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. |
| CVE-2012-5519 | — | | | < 1.7.5-9.1 | 1.7.5-9.1 | Nov 20, 2012 | CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging th |