Search CVE reports
61 – 70 of 130 results
CVE-2010-0542
Medium priorityThe _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL...
2 affected packages
cups, cupsys
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |
cupsys | — | — | — | — | — |
CVE-2010-0540
Medium priorityCross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of...
2 affected packages
cups, cupsys
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |
cupsys | — | — | — | — | — |
CVE-2010-0393
Medium priorityThe _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain...
2 affected packages
cups, cupsys
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |
cupsys | — | — | — | — | — |
CVE-2010-0302
Medium priorityUse-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote...
2 affected packages
cups, cupsys
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |
cupsys | — | — | — | — | — |
CVE-2009-3553
Medium priorityUse-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of...
2 affected packages
cups, cupsys
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |
cupsys | — | — | — | — | — |
CVE-2009-2820
Medium prioritySome fixes available 5 of 6
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting...
2 affected packages
cups, cupsys
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |
cupsys | — | — | — | — | — |
CVE-2009-2807
Low priorityHeap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors.
2 affected packages
cups, cupsys
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |
cupsys | — | — | — | — | — |
CVE-2009-1196
Medium priorityThe directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to...
2 affected packages
cups, cupsys
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |
cupsys | — | — | — | — | — |
CVE-2009-0949
Medium priorityThe ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and...
2 affected packages
cups, cupsys
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |
cupsys | — | — | — | — | — |
CVE-2009-0791
Medium priorityMultiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash)...
2 affected packages
cups, cupsys
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cups | — | — | — | — | — |
cupsys | — | — | — | — | — |