Search CVE reports
41 – 50 of 137 results
Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.
1 affected package
cups
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cups | — | — | — | — |
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for...
1 affected package
cups
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cups | — | — | — | — |
Some fixes available 31 of 85
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to...
23 affected packages
clamav, radare2, librcsb-core-wrapper, efl, alpine...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| clamav | Fixed | Fixed | Fixed | Fixed |
| radare2 | Not affected | Not in release | Not affected | Not affected |
| librcsb-core-wrapper | Not affected | Not affected | Not affected | Not affected |
| efl | Not affected | Not affected | Not affected | Not affected |
| alpine | Not affected | Not affected | Not affected | Not affected |
| ptlib | Not in release | Not in release | Not in release | Not affected |
| nvi | Not affected | Not affected | Not affected | Not affected |
| openrpt | Not in release | Not in release | Not in release | Vulnerable |
| cups | Not affected | Not affected | Not affected | Not affected |
| haskell-regex-posix | Not affected | Not affected | Not affected | Not affected |
| llvm-toolchain-3.4 | Not in release | Not in release | Not in release | Not in release |
| llvm-toolchain-3.5 | Not in release | Not in release | Not in release | Not in release |
| llvm-toolchain-3.6 | Not in release | Not in release | Not in release | Not in release |
| newlib | Not affected | Not affected | Not affected | Not affected |
| olsrd | Not in release | Not in release | Not in release | Not affected |
| php5 | Not in release | Not in release | Not in release | Not in release |
| sma | Not affected | Not affected | Not affected | Not affected |
| vigor | Not affected | Not affected | Not affected | Not affected |
| vnc4 | Not in release | Not in release | Not in release | Not affected |
| yap | Not in release | Not in release | Not in release | Not affected |
| z88dk | Not in release | Not in release | Not in release | Not in release |
| knews | Not affected | Not affected | Not affected | Not affected |
| llvm-toolchain-snapshot | Not in release | Not in release | Not in release | Not in release |
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE:...
1 affected package
cups-filters
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cups-filters | — | — | — | — |
Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.
1 affected package
cups
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cups | — | — | — | — |
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
1 affected package
cups
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cups | — | — | — | — |
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
1 affected package
cups
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cups | — | — | — | — |
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of...
1 affected package
cups
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cups | — | — | — | — |
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.
1 affected package
cups
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cups | — | — | — | — |
cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as...
1 affected package
cups-filters
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cups-filters | — | — | — | — |