Cups
Source repositories
CVEs (39)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-0923 | 0.00 | — | 0.00 | Jan 27, 2005 | CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords. | |||
| CVE-2004-0889 | 0.00 | — | 0.06 | Jan 27, 2005 | Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888. | |||
| CVE-2004-0926 | 0.00 | — | 0.05 | Jan 27, 2005 | Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code via a certain BMP image. | |||
| CVE-2004-0927 | 0.00 | — | 0.01 | Jan 27, 2005 | ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions. | |||
| CVE-2004-1269 | 0.00 | — | 0.09 | Jan 10, 2005 | lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail. | |||
| CVE-2004-1268 | 0.00 | — | 0.00 | Jan 10, 2005 | lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors. | |||
| CVE-2004-1270 | 0.00 | — | 0.00 | Jan 10, 2005 | lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user… | |||
| CVE-2003-0788 | 0.00 | — | 0.02 | Dec 1, 2003 | Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a denial of service (CPU consumption from a "busy loop") via certain inputs to the IPP port (TCP 631). | |||
| CVE-2002-1384 | 0.00 | — | 0.01 | Jan 2, 2003 | Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf. | |||
| CVE-2002-1366 | 0.00 | — | 0.00 | Dec 26, 2002 | Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream. | |||
| CVE-2002-1371 | 0.00 | — | 0.05 | Dec 26, 2002 | filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif. | |||
| CVE-2002-1367 | 0.00 | — | 0.04 | Dec 26, 2002 | Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server… | |||
| CVE-2002-0063 | 0.00 | — | 0.04 | Mar 8, 2002 | Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names or language values. | |||
| CVE-2001-1333 | 0.00 | — | 0.00 | May 10, 2001 | Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files. | |||
| CVE-2001-1332 | 0.00 | — | 0.04 | May 10, 2001 | Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code. | |||
| CVE-2001-0194 | 0.00 | — | 0.04 | May 3, 2001 | Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line. | |||
| CVE-2000-0513 | 0.00 | — | 0.02 | Jun 21, 2000 | CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password. | |||
| CVE-2000-0511 | 0.00 | — | 0.02 | Jun 21, 2000 | CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request. | |||
| CVE-2000-0512 | 0.00 | — | 0.02 | Jun 16, 2000 | CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service. |
- CVE-2004-0923Jan 27, 2005risk 0.00cvss —epss 0.00
CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords.
- CVE-2004-0889Jan 27, 2005risk 0.00cvss —epss 0.06
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
- CVE-2004-0926Jan 27, 2005risk 0.00cvss —epss 0.05
Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code via a certain BMP image.
- CVE-2004-0927Jan 27, 2005risk 0.00cvss —epss 0.01
ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions.
- CVE-2004-1269Jan 10, 2005risk 0.00cvss —epss 0.09
lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail.
- CVE-2004-1268Jan 10, 2005risk 0.00cvss —epss 0.00
lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors.
- CVE-2004-1270Jan 10, 2005risk 0.00cvss —epss 0.00
lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user…
- CVE-2003-0788Dec 1, 2003risk 0.00cvss —epss 0.02
Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a denial of service (CPU consumption from a "busy loop") via certain inputs to the IPP port (TCP 631).
- CVE-2002-1384Jan 2, 2003risk 0.00cvss —epss 0.01
Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.
- CVE-2002-1366Dec 26, 2002risk 0.00cvss —epss 0.00
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream.
- CVE-2002-1371Dec 26, 2002risk 0.00cvss —epss 0.05
filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif.
- CVE-2002-1367Dec 26, 2002risk 0.00cvss —epss 0.04
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server…
- CVE-2002-0063Mar 8, 2002risk 0.00cvss —epss 0.04
Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names or language values.
- CVE-2001-1333May 10, 2001risk 0.00cvss —epss 0.00
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.
- CVE-2001-1332May 10, 2001risk 0.00cvss —epss 0.04
Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code.
- CVE-2001-0194May 3, 2001risk 0.00cvss —epss 0.04
Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line.
- CVE-2000-0513Jun 21, 2000risk 0.00cvss —epss 0.02
CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password.
- CVE-2000-0511Jun 21, 2000risk 0.00cvss —epss 0.02
CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request.
- CVE-2000-0512Jun 16, 2000risk 0.00cvss —epss 0.02
CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service.
Page 2 of 2