cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system
Max CVSS
9.8
EPSS Score
3.40%
Published
2019-12-20
Updated
2020-11-16
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
Max CVSS
9.8
EPSS Score
69.07%
Published
2010-11-05
Updated
2024-02-02
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.
Max CVSS
10.0
EPSS Score
1.26%
Published
2008-11-21
Updated
2009-01-29
The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.
Max CVSS
10.0
EPSS Score
91.69%
Published
2008-10-10
Updated
2018-10-11
Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file.
Max CVSS
10.0
EPSS Score
11.71%
Published
2008-03-18
Updated
2017-09-29
CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.
Max CVSS
9.8
EPSS Score
0.64%
Published
2004-12-31
Updated
2024-02-15
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!