Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apple cups 1.4.4 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-5519
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging th...
Apple Cups 1.4.4
2 Github repositories
NA
CVE-2011-3170
The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and previous versions does not properly handle the first code word in an LZW stream, which allows remote malicious users to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted strea...
Apple Cups 1.4
Apple Cups 1.4.0
Apple Cups 1.1.5-1
Apple Cups 1.1.5-2
Apple Cups 1.1.9-1
Apple Cups 1.1.10-1
Apple Cups 1.1.15
Apple Cups 1.1.18
Apple Cups 1.1.19
Apple Cups 1.1.20
Apple Cups 1.1.22
Apple Cups 1.2
Apple Cups 1.2.8
Apple Cups 1.2.9
Apple Cups 1.4.1
Apple Cups 1.4.2
Apple Cups 1.1.6
Apple Cups 1.1.6-1
Apple Cups 1.1.10
Apple Cups 1.1.6-3
Apple Cups 1.1.17
Apple Cups 1.1.12
NA
CVE-2010-2431
The cupsFileOpen function in CUPS prior to 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.
Apple Cups 1.3.6
Apple Cups 1.1
Apple Cups 1.1.3
Apple Cups 1.1.4
Apple Cups 1.1.8
Apple Cups 1.1.7
Apple Cups 1.1.14
Apple Cups 1.1.13
Apple Cups 1.1.19
Apple Cups 1.1.21
Apple Cups 1.1.23
Apple Cups 1.4.1
Apple Cups 1.2.3
Apple Cups 1.2.2
Apple Cups 1.2.12
Apple Cups 1.3
Apple Cups 1.3.4
Apple Cups 1.3.5
Apple Cups 1.3.11
Apple Cups 1.1.1
Apple Cups 1.1.5-1
Apple Cups 1.1.5
NA
CVE-2010-2432
The cupsDoAuthentication function in auth.c in the client in CUPS prior to 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses.
Apple Cups 1.1.2
Apple Cups 1.1.3
Apple Cups 1.1.6-3
Apple Cups 1.1.6-2
Apple Cups 1.1.12
Apple Cups 1.1.11
Apple Cups 1.1.14
Apple Cups 1.1.20
Apple Cups 1.1.19
Apple Cups 1.1.21
Apple Cups 1.2
Apple Cups 1.4.1
Apple Cups 1.2.4
Apple Cups 1.2.3
Apple Cups 1.2.10
Apple Cups 1.2.11
Apple Cups 1.3.3
Apple Cups 1.3.4
Apple Cups 1.3.10
Apple Cups 1.3.11
Apple Cups 1.3.6
Apple Cups 1.1
NA
CVE-2010-0542
The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS prior to 1.4.4 does not check the return values of certain calloc calls, which allows remote malicious users to cause a denial of service (NULL pointer dereference or heap memory corruption) ...
Apple Cups 1.1.1
Apple Cups 1.1.5-1
Apple Cups 1.1.5
Apple Cups 1.1.9
Apple Cups 1.1.9-1
Apple Cups 1.1.16
Apple Cups 1.1.15
Apple Cups 1.1.19
Apple Cups 1.1.20
Apple Cups 1.1.22
Apple Cups 1.2.1
Apple Cups 1.2.0
Apple Cups 1.3.9
Apple Cups 1.2.7
Apple Cups 1.3
Apple Cups 1.3.8
Apple Cups 1.3.7
Apple Cups 1.1.5-2
Apple Cups 1.1.6
Apple Cups 1.1.10-1
Apple Cups 1.1.10
Apple Cups 1.1.18
NA
CVE-2010-1748
The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS prior to 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 prior to 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subseque...
Apple Cups 1.1.6
Apple Cups 1.1.6-1
Apple Cups 1.1.10
Apple Cups 1.1.6-3
Apple Cups 1.1.17
Apple Cups 1.1.12
Apple Cups 1.1.19
Apple Cups 1.1.20
Apple Cups 1.1.21
Apple Cups 1.2
Apple Cups 1.2.5
Apple Cups 1.2.4
Apple Cups 1.2.9
Apple Cups 1.2.10
Apple Cups 1.3.0
Apple Cups 1.4.0
Apple Cups 1.3.7
Apple Cups 1.3.10
Apple Cups 1.3.6
Apple Cups 1.1.2
Apple Cups 1.1.3
Apple Cups 1.1.4
1 EDB exploit
NA
CVE-2011-2896
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS prior to 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and previous ve...
Swi-prolog Swi-prolog
Apple Cups
Gimp Gimp
NA
CVE-2010-0540
Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS prior to 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 prior to 10.6.4, and other platforms, allows remote malicious users to hijack the authentication of administrators for requests that change...
Apple Mac Os X 10.6.1
Apple Mac Os X Server 10.6.0
Apple Mac Os X 10.5.8
Apple Mac Os X 10.6.0
Apple Mac Os X Server 10.6.2
Apple Mac Os X Server 10.6.3
Apple Mac Os X 10.6.3
Apple Mac Os X Server 10.5.8
Apple Mac Os X Server 10.6.1
Apple Mac Os X 10.6.2
7.5
CVSSv3
CVE-2010-0302
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS prior to 1.4.4, when kqueue or epoll is used, allows remote malicious users to cause a denial of service (daemon c...
Apple Mac Os X Server
Apple Mac Os X
Apple Cups
Fedoraproject Fedora 11
Canonical Ubuntu Linux 9.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 9.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Eus 5.4
9.8
CVSSv3
CVE-2010-2941
ipp.c in cupsd in CUPS 1.4.4 and previous versions does not properly allocate memory for attribute values with invalid string data types, which allows remote malicious users to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via...
Apple Cups
Apple Mac Os X Server
Apple Mac Os X
Fedoraproject Fedora 13
Fedoraproject Fedora 12
Fedoraproject Fedora 14
Canonical Ubuntu Linux 10.10
Canonical Ubuntu Linux 9.10
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Debian Debian Linux 5.0
Opensuse Opensuse 11.1
Suse Linux Enterprise Server 9
Opensuse Opensuse 11.2
Opensuse Opensuse 11.3
Suse Linux Enterprise 11.0
Suse Linux Enterprise 10.0
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux 5.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started