Package details: pkg:deb/ubuntu/cups@2.1.3-1
purl pkg:deb/ubuntu/cups@2.1.3-1
Next non-vulnerable version 2.3.1-9ubuntu1.1
Latest non-vulnerable version 2.3.1-9ubuntu1.1
Risk 4.2
Vulnerabilities affecting this package (13)
Vulnerability Summary Fixed by
VCID-3dsn-2jt3-aaak
Aliases:
CVE-2018-4300
The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.
2.3.1-9ubuntu1.1
Affected by 0 other vulnerabilities.
VCID-4sn3-cw3j-aaaa
Aliases:
CVE-2018-4700
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-4300. Reason: This candidate is a duplicate of CVE-2018-4300. Notes: All CVE users should reference CVE-2018-4300 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
2.2.7-1ubuntu2.2
Affected by 6 other vulnerabilities.
VCID-74p3-81x4-aaas
Aliases:
CVE-2018-4180
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.
2.2.7-1ubuntu2.1
Affected by 7 other vulnerabilities.
VCID-cjms-6qnk-aaaq
Aliases:
CVE-2018-4181
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.
2.2.7-1ubuntu2.1
Affected by 7 other vulnerabilities.
VCID-cs84-z94n-aaac
Aliases:
CVE-2019-2228
In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-111210196
2.2.12-2ubuntu1.1
Affected by 2 other vulnerabilities.
2.3.1-4
Affected by 3 other vulnerabilities.
VCID-eehn-r62r-aaah
Aliases:
CVE-2018-6553
The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS.
2.2.7-1ubuntu2.1
Affected by 7 other vulnerabilities.
VCID-gd2u-4vv8-aaak
Aliases:
CVE-2019-8696
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.
2.2.7-1ubuntu2.7
Affected by 4 other vulnerabilities.
VCID-hcxc-ggtu-aaaf
Aliases:
CVE-2020-3898
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges.
2.2.12-2ubuntu1.1
Affected by 2 other vulnerabilities.
2.3.1-9ubuntu1.1
Affected by 0 other vulnerabilities.
VCID-qmhw-fw7n-aaah
Aliases:
CVE-2019-2180
In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the printer service with no additional execution privileges needed. User interaction is not needed for exploitation.
2.3.1-9ubuntu1.1
Affected by 0 other vulnerabilities.
VCID-qsan-tgw4-aaae
Aliases:
CVE-2017-18248
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.
2.2.6-5
Affected by 10 other vulnerabilities.
VCID-tkcn-88pf-aaag
Aliases:
CVE-2019-8675
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.
2.2.7-1ubuntu2.7
Affected by 4 other vulnerabilities.
VCID-w8s4-rypx-aaar
Aliases:
CVE-2017-18190
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).
2.1.3-4ubuntu0.4
Affected by 12 other vulnerabilities.
VCID-y9fv-tu4k-aaaa
Aliases:
CVE-2017-15400
Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue.
2.2.6-5
Affected by 10 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.
