This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Easy Software Products First view 2005-09-13
Product Cups Last view 2008-02-25
Version 1.1.22 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:easy_software_products:cups

Activity : Overall

Related : CVE

  Date Alert Description
5 2008-02-25 CVE-2008-0597

Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.

5 2008-02-25 CVE-2008-0596

Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers.

5 2005-12-31 CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

10 2005-12-31 CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

5 2005-12-31 CVE-2005-3624

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

5 2005-09-13 CVE-2005-2874

The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request.

CWE : Common Weakness Enumeration

%idName
80% (4) CWE-399 Resource Management Errors
20% (1) CWE-189 Numeric Errors

Open Source Vulnerability Database (OSVDB)

id Description
42159 CUPS Crafted IPP Packets Remote DoS
42158 CUPS Add / Remove Shared Printer Request Saturation DoS
22235 Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS
22234 Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS
22233 Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function...
12834 CUPS Malformed Traversal HTTP Request Remote DoS

OpenVAS Exploits

id Description
2009-03-06 Name : RedHat Update for cups RHSA-2008:0161-01
File : nvt/gb_RHSA-2008_0161-01_cups.nasl
2009-03-06 Name : RedHat Update for cups RHSA-2008:0153-01
File : nvt/gb_RHSA-2008_0153-01_cups.nasl
2009-02-27 Name : CentOS Update for cups CESA-2008:0161 centos5 x86_64
File : nvt/gb_CESA-2008_0161_cups_centos5_x86_64.nasl
2009-02-27 Name : CentOS Update for cups CESA-2008:0161 centos5 i386
File : nvt/gb_CESA-2008_0161_cups_centos5_i386.nasl
2009-02-27 Name : CentOS Update for cups CESA-2008:0153 centos3 x86_64
File : nvt/gb_CESA-2008_0153_cups_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for cups CESA-2008:0153 centos3 i386
File : nvt/gb_CESA-2008_0153_cups_centos3_i386.nasl
2009-01-23 Name : SuSE Update for cups SUSE-SA:2008:012
File : nvt/gb_suse_2008_012.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200601-17 (xpdf poppler gpdf libextractor pdfto...
File : nvt/glsa_200601_17.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200601-02 (kdegraphics, kpdf, koffice, kword)
File : nvt/glsa_200601_02.nasl
2008-09-04 Name : FreeBSD Ports: cups-base
File : nvt/freebsd_cups-base.nasl
2008-01-17 Name : Debian Security Advisory DSA 931-1 (xpdf)
File : nvt/deb_931_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 962-1 (pdftohtml)
File : nvt/deb_962_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 961-1 (pdfkit.framework)
File : nvt/deb_961_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 950-1 (cupsys)
File : nvt/deb_950_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 940-1 (gpdf)
File : nvt/deb_940_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 938-1 (koffice)
File : nvt/deb_938_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 937-1 (tetex-bin)
File : nvt/deb_937_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 936-1 (libextractor)
File : nvt/deb_936_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 932-1 (xpdf)
File : nvt/deb_932_1.nasl
2005-11-03 Name : CUPS < 1.1.23 Multiple Vulnerabilities
File : nvt/cups_multiple_vulnerabilities.nasl
0000-00-00 Name : Slackware Advisory SSA:2006-045-09 xpdf
File : nvt/esoft_slk_ssa_2006_045_09.nasl
0000-00-00 Name : Slackware Advisory SSA:2006-045-04 kdegraphics
File : nvt/esoft_slk_ssa_2006_045_04.nasl

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0153.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0161.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO
2012-09-24 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20080225_cups_on_SL3_x.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_12099.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2008-051.nasl - Type: ACT_GATHER_INFO
2008-03-19 Name: The remote host is missing a Mac OS X update that fixes various security issues.
File: macosx_SecUpd2008-002.nasl - Type: ACT_GATHER_INFO
2008-03-07 Name: The remote openSUSE host is missing a security update.
File: suse_cups-5064.nasl - Type: ACT_GATHER_INFO
2008-03-07 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_cups-5063.nasl - Type: ACT_GATHER_INFO
2008-02-27 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2008-0161.nasl - Type: ACT_GATHER_INFO
2008-02-26 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2008-0153.nasl - Type: ACT_GATHER_INFO
2008-02-26 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0161.nasl - Type: ACT_GATHER_INFO
2008-02-26 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0153.nasl - Type: ACT_GATHER_INFO
2007-01-08 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2005-772.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-950.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-962.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-961.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-940.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-938.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-937.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-936.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-932.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-931.nasl - Type: ACT_GATHER_INFO
2006-07-05 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2006-0177.nasl - Type: ACT_GATHER_INFO