Cups

Cups

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-47850

  • EPSS 0.17%
  • Veröffentlicht 04.10.2024 05:15:11
  • Zuletzt bearbeitet 21.11.2024 09:40:13

CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe ...

8.8

CVE-2018-6553

  • EPSS 0.06%
  • Veröffentlicht 10.08.2018 15:29:01
  • Zuletzt bearbeitet 21.11.2024 04:10:53

The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-...

8.8

CVE-2014-8166

  • EPSS 0.99%
  • Veröffentlicht 12.01.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 02:18:41

The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.

4.3

CVE-2015-1159

Exploit
  • EPSS 44.4%
  • Veröffentlicht 26.06.2015 10:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.

10

CVE-2015-1158

  • EPSS 77%
  • Veröffentlicht 26.06.2015 10:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings v...

4.3

CVE-2008-1722

  • EPSS 4.16%
  • Veröffentlicht 10.04.2008 19:05:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image.

9.3

CVE-2008-0047

  • EPSS 25.28%
  • Veröffentlicht 18.03.2008 23:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted sea...

10

CVE-2008-0882

  • EPSS 23.08%
  • Veröffentlicht 21.02.2008 19:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to...

10

CVE-2007-4351

  • EPSS 23.65%
  • Veröffentlicht 31.10.2007 22:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-ba...

5

CVE-2007-0720

  • EPSS 16.6%
  • Veröffentlicht 13.03.2007 21:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted.