Apple Cups vulnerabilities

CVE-2018-4300 [MEDIUM] CWE-200 CVE-2018-4300: The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthor The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.

CVE-2018-4180 [HIGH] CVE-2018-4180: In macOS High Sierra before 10 In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.

CVE-2018-4181 [MEDIUM] CVE-2018-4181: In macOS High Sierra before 10 In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.

CVE-2018-6553 [HIGH] CVE-2018-6553: The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LT

CVE-2017-18248 [MEDIUM] CWE-20 CVE-2017-18248: The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.

CVE-2017-18190 [HIGH] CWE-290 CVE-2017-18190: A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 a A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible

CVE-2017-15400 [HIGH] CVE-2017-15400: Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62 Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue.

CVE-2015-3279 [HIGH] CVE-2015-3279: Integer overflow in filter/texttopdf Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.

CVE-2015-3258 [HIGH] CVE-2015-3258: Heap-based buffer overflow in the WriteProlog function in filter/texttopdf Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.

CVE-2015-1159 [MEDIUM] CVE-2015-1159: Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.

CVE-2015-1158 [CRITICAL] cups vulnerabilities cups vulnerabilities It was discovered that CUPS incorrectly handled reference counting when handling localized strings. A remote attacker could use this issue to escalate permissions, upload a replacement CUPS configuration file, and execute arbitrary code. (CVE-2015-1158) It was discovered that the CUPS templating engine contained a cross-site scripting issue. A remote attacker could use this issue to bypass default configuration settings. (CVE-2

CVE-2014-9679 [MEDIUM] CWE-119 CVE-2014-9679: Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allow Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.

CVE-2014-5031 [MEDIUM] CWE-264 CVE-2014-5031: The web interface in CUPS before 2.0 does not check that files have world-readable permissions, whic The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.

CVE-2014-5030 [LOW] CWE-59 CVE-2014-5030: CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, ( CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.

CVE-2014-5029 [LOW] CVE-2014-5029: The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a sym The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.

CVE-2014-3537 [LOW] CWE-59 CVE-2014-3537: The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files vi The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.

CVE-2014-2856 [MEDIUM] CWE-79 CVE-2014-2856: Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.

CVE-2013-6475 [MEDIUM] CVE-2013-6475: Multiple integer overflows in (1) OPVPOutputDev Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.

CVE-2013-6474 [MEDIUM] CVE-2013-6474: Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1 Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.

CVE-2013-6476 [MEDIUM] CVE-2013-6476: The OPVPWrapper::loadDriver function in oprs/OPVPWrapper The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.