Vulnerabilities > Apple > Cups > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-26 | CVE-2017-18248 | Improper Input Validation vulnerability in Apple Cups The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification. | 3.5 |
2014-07-29 | CVE-2014-5029 | Link Following vulnerability in multiple products The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. | 1.5 |
2014-07-29 | CVE-2014-5030 | Link Following vulnerability in multiple products CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. | 1.9 |
2014-01-26 | CVE-2013-6891 | Link Following vulnerability in multiple products lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. | 1.2 |
2010-06-22 | CVE-2010-2431 | Link Following vulnerability in Apple Cups The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file. | 2.6 |
2008-06-02 | CVE-2008-1033 | Permissions, Privileges, and Access Controls vulnerability in Apple Cups The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables." | 2.1 |