Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cups vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2020-8425
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php.
Cups Easy \\(purchase \\& Inventory\\) Project Cups Easy \\(purchase \\& Inventory\\) 1.0
1 Github repository
NA
CVE-2013-6891
lppasswd in CUPS prior to 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.
Apple Cups
Apple Cups 1.7
Apple Cups 1.7.1
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 13.04
Canonical Ubuntu Linux 13.10
5.3
CVSSv3
CVE-2017-18248
The add_job function in scheduler/ipp.c in CUPS prior to 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.
Apple Cups
NA
CVE-2014-9679
Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS prior to 2.0.2 allows remote malicious users to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.
Apple Cups
NA
CVE-2008-1033
The scheduler in CUPS in Apple Mac OS X 10.5 prior to 10.5.3, when debug logging is enabled and a printer requires a password, allows malicious users to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables."...
Apple Cups
5.9
CVSSv3
CVE-2018-4300
The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.
Apple Cups
NA
CVE-2009-0032
CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.
Apple Cups
NA
CVE-2008-1374
Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote malicious users to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888.
Apple Cups
NA
CVE-2008-5377
pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.
Apple Cups 1.3.8
1 EDB exploit
NA
CVE-2009-0577
Integer overflow in the WriteProlog function in texttops in CUPS 1.1.17 on Red Hat Enterprise Linux (RHEL) 3 allows remote malicious users to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow. NOTE: this issue exists because of an inc...
Apple Cups 1.1.17
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400
CVE-2023-7252
CVE-2024-21111
denial of service
CVE-2024-29661
CVE-2024-22856
remote attackers
encryption
CVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »