Search CVE reports
31 – 40 of 130 results
CVE-2015-6520
Medium prioritySome fixes available 1 of 2
IPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request.
2 affected packages
cups-filters, ippusbxd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups-filters | — | — | — | — | — |
ippusbxd | — | — | — | — | — |
CVE-2015-3279
Medium priorityInteger overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which...
1 affected packages
cups-filters
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups-filters | — | — | — | — | — |
CVE-2015-3258
Medium priorityHeap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small...
1 affected packages
cups-filters
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups-filters | — | — | — | — | — |
CVE-2015-1159
Medium priorityCross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.
1 affected packages
cups
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |
CVE-2015-1158
High priorityThe add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for...
1 affected packages
cups
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |
CVE-2015-2305
Medium prioritySome fixes available 29 of 83
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to...
23 affected packages
alpine, clamav, cups, efl, haskell-regex-posix...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
alpine | Not affected | Not affected | Not affected | Not affected | Not affected |
clamav | Fixed | Fixed | Fixed | Fixed | Fixed |
cups | Not affected | Not affected | Not affected | Not affected | Not affected |
efl | Not affected | Not affected | Not affected | Not affected | Not affected |
haskell-regex-posix | Not affected | Not affected | Not affected | Not affected | Not affected |
knews | Not affected | Not affected | Not affected | Not affected | Not affected |
librcsb-core-wrapper | Not affected | Not affected | Not affected | Not affected | Not affected |
llvm-toolchain-3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
llvm-toolchain-3.5 | Not in release | Not in release | Not in release | Not in release | Not affected |
llvm-toolchain-3.6 | Not in release | Not in release | Not in release | Not in release | Not affected |
llvm-toolchain-snapshot | Not in release | Not in release | Not in release | Not in release | Not in release |
newlib | Not affected | Not affected | Not affected | Not affected | Not affected |
nvi | Not affected | Not affected | Not affected | Not affected | Vulnerable |
olsrd | Not in release | Not in release | Not in release | Not affected | Not affected |
openrpt | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
ptlib | Not in release | Not in release | Not in release | Not affected | Not affected |
radare2 | Not affected | Not in release | Not affected | Not affected | Vulnerable |
sma | Not affected | Not affected | Not affected | Not affected | Not affected |
vigor | Not affected | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Not affected | Not affected |
yap | Not in release | Not in release | Not in release | Not affected | Not affected |
z88dk | Not in release | Not in release | Not in release | Not in release | Not affected |
CVE-2015-2265
Medium priorityThe remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE:...
1 affected packages
cups-filters
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups-filters | — | — | — | — | — |
CVE-2014-9679
Medium priorityInteger underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.
1 affected packages
cups
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |
CVE-2014-5031
Medium priorityThe web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
1 affected packages
cups
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |
CVE-2014-5030
Medium priorityCUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
1 affected packages
cups
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |