Vulnerabilities > Cups > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-08-10 CVE-2018-6553 The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links.
local
low complexity
cups canonical debian
4.6
2018-01-12 CVE-2014-8166 Improper Input Validation vulnerability in Cups
The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.
network
high complexity
cups CWE-20
5.1
2015-06-26 CVE-2015-1159 Cross-site Scripting vulnerability in Cups
Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.
network
cups CWE-79
4.3
2008-04-10 CVE-2008-1722 Improper Input Validation vulnerability in Cups 1.3
Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image.
network
cups CWE-20
4.3
2007-03-13 CVE-2007-0720 The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted.
network
low complexity
cups apple
5.0