This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Cups First view 2007-10-31
Product Cups Last view 2018-08-10
Version - Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:cups:cups

Activity : Overall

Related : CVE

  Date Alert Description
8.8 2018-08-10 CVE-2018-6553

The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS.

7.5 2018-01-12 CVE-2014-8166

The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.

4.3 2015-06-26 CVE-2015-1159

Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.

10 2015-06-26 CVE-2015-1158

The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.

10 2007-10-31 CVE-2007-4351

Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow.

CWE : Common Weakness Enumeration

%idName
25% (1) CWE-254 Security Features
25% (1) CWE-189 Numeric Errors
25% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
25% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
42028 CUPS cups/ipp.c ippReadIO Function IPP Tag Handling Overflow

OpenVAS Exploits

id Description
2010-05-12 Name : Mac OS X Security Update 2007-009
File : nvt/macosx_secupd_2007-009.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-04-09 Name : Mandriva Update for cups MDKSA-2007:204-1 (cups)
File : nvt/gb_mandriva_MDKSA_2007_204_1.nasl
2009-04-09 Name : Mandriva Update for cups MDKSA-2007:204 (cups)
File : nvt/gb_mandriva_MDKSA_2007_204.nasl
2009-03-23 Name : Ubuntu Update for cupsys vulnerability USN-539-1
File : nvt/gb_ubuntu_USN_539_1.nasl
2009-02-27 Name : Fedora Update for cups FEDORA-2007-2715
File : nvt/gb_fedora_2007_2715_cups_fc7.nasl
2009-02-27 Name : Fedora Update for cups FEDORA-2007-2982
File : nvt/gb_fedora_2007_2982_cups_fc8.nasl
2009-02-27 Name : Fedora Update for cups FEDORA-2007-3100
File : nvt/gb_fedora_2007_3100_cups_fc7.nasl
2009-02-27 Name : Fedora Update for cups FEDORA-2007-740
File : nvt/gb_fedora_2007_740_cups_fc6.nasl
2009-02-17 Name : Fedora Update for cups FEDORA-2008-3449
File : nvt/gb_fedora_2008_3449_cups_fc7.nasl
2009-02-16 Name : Fedora Update for cups FEDORA-2008-2897
File : nvt/gb_fedora_2008_2897_cups_fc7.nasl
2009-02-16 Name : Fedora Update for cups FEDORA-2008-1976
File : nvt/gb_fedora_2008_1976_cups_fc7.nasl
2009-01-28 Name : SuSE Update for cups SUSE-SA:2007:058
File : nvt/gb_suse_2007_058.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200711-16 (cups)
File : nvt/glsa_200711_16.nasl
2008-09-04 Name : FreeBSD Ports: cups-base
File : nvt/freebsd_cups-base4.nasl
2008-01-17 Name : Debian Security Advisory DSA 1407-1 (cupsys)
File : nvt/deb_1407_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2007-305-01 cups
File : nvt/esoft_slk_ssa_2007_305_01.nasl

Snort® IPS/IDS

Date Description
2015-08-04 Apple Cups cupsd privilege escalation attempt
RuleID : 35043 - Type : SERVER-OTHER - Revision : 2
2014-11-16 Apple CUPS web interface cross site scripting attempt
RuleID : 31860 - Type : SERVER-OTHER - Revision : 4

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-07-16 Name: The remote Debian host is missing a security update.
File: debian_DLA-1426.nasl - Type: ACT_GATHER_INFO
2018-07-12 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4243.nasl - Type: ACT_GATHER_INFO
2015-11-02 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201510-07.nasl - Type: ACT_GATHER_INFO
2015-07-08 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2015-559.nasl - Type: ACT_GATHER_INFO
2015-07-08 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2015-188-01.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Fedora host is missing a security update.
File: fedora_2015-9801.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Fedora host is missing a security update.
File: fedora_2015-9726.nasl - Type: ACT_GATHER_INFO
2015-06-19 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2015-1123.nasl - Type: ACT_GATHER_INFO
2015-06-18 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2015-1123.nasl - Type: ACT_GATHER_INFO
2015-06-18 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2015-0071.nasl - Type: ACT_GATHER_INFO
2015-06-18 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2015-1123.nasl - Type: ACT_GATHER_INFO
2015-06-18 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20150617_cups_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2015-06-15 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-418.nasl - Type: ACT_GATHER_INFO
2015-06-12 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1041-1.nasl - Type: ACT_GATHER_INFO
2015-06-12 Name: The remote printer service is potentially affected by multiple vulnerabilities.
File: cups_2_0_3.nasl - Type: ACT_GATHER_INFO
2015-06-11 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2629-1.nasl - Type: ACT_GATHER_INFO
2015-06-10 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_a40ec9700efa11e590e4d050996490d0.nasl - Type: ACT_GATHER_INFO
2015-06-10 Name: The remote Debian host is missing a security update.
File: debian_DLA-239.nasl - Type: ACT_GATHER_INFO
2015-06-10 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3283.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-1020.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-1022.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-1023.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20071031_cups_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20071107_cups_on_SL4_x.nasl - Type: ACT_GATHER_INFO
2010-01-06 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2007-1020.nasl - Type: ACT_GATHER_INFO