Every CVE whose affected-product data names Apple Cups, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (56)
CVE-2008-3641 — CVSS 10.0 (critical): The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen…
CVE-2008-5184 — CVSS 10.0 (critical): The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which…
CVE-2008-0053 — CVSS 10.0 (critical): Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code…
CVE-2012-6094 — CVSS 9.8 (critical): cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system
CVE-2004-2154 — CVSS 9.8 (critical): CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a…
CVE-2010-2941 — CVSS 9.8 (critical): ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which…
CVE-2009-3553 — CVSS 7.5 (high): Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the…
CVE-2009-1182 — CVSS 7.5 (high): Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other…
CVE-2008-5286 — CVSS 7.5 (high): Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG…
CVE-2008-5183 — CVSS 7.5 (high): cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a…
CVE-2002-1372 — CVSS 7.5 (high): Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations…
CVE-2010-0302 — CVSS 7.5 (high): Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the…
CVE-2008-3639 — CVSS 7.5 (high): Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code…
CVE-2009-0949 — CVSS 7.5 (high): The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which…
CVE-2017-18190 — CVSS 7.5 (high): A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute…
CVE-2010-3702 — CVSS 7.5 (high): The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS…
CVE-2012-5519 — CVSS 7.2 (high): CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in…
CVE-2010-0393 — CVSS 6.9 (medium): The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to…
CVE-2009-0032 — CVSS 6.9 (medium): CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users…
CVE-2008-5377 — CVSS 6.9 (medium): pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a…
CVE-2009-0577 — CVSS 6.8 (medium): Integer overflow in the WriteProlog function in texttops in CUPS 1.1.17 on Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to…
CVE-2007-3387 — CVSS 6.8 (medium): Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before…
CVE-2008-1374 — CVSS 6.8 (medium): Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers…
CVE-2008-3640 — CVSS 6.8 (medium): Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a…
CVE-2009-0163 — CVSS 6.8 (medium): Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon…
CVE-2009-0195 — CVSS 6.8 (medium): Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute…
CVE-2009-0791 — CVSS 6.8 (medium): Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and…
CVE-2009-0800 — CVSS 6.8 (medium): Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and…
CVE-2009-1179 — CVSS 6.8 (medium): Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows…
CVE-2009-1180 — CVSS 6.8 (medium): The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to…
CVE-2010-0542 — CVSS 6.8 (medium): The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of…
CVE-2014-9679 — CVSS 6.8 (medium): Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified…
CVE-2022-26691 — CVSS 6.7 (medium): A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3…
CVE-2009-0164 — CVSS 6.4 (medium): The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote…
CVE-2018-4300 — CVSS 5.9 (medium): The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web…
CVE-2017-18248 — CVSS 5.3 (medium): The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending…
CVE-2011-2896 — CVSS 5.1 (medium): The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw…
CVE-2011-3170 — CVSS 5.1 (medium): The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream…
CVE-2014-5031 — CVSS 5.0 (medium): The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains…
CVE-2007-4045 — CVSS 5.0 (medium): The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service…
CVE-2009-1196 — CVSS 5.0 (medium): The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd…
CVE-2010-2432 — CVSS 5.0 (medium): The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a…
CVE-2009-1181 — CVSS 4.3 (medium): The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to…
CVE-2009-0799 — CVSS 4.3 (medium): The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to…
CVE-2009-0166 — CVSS 4.3 (medium): The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of…
CVE-2010-1748 — CVSS 4.3 (medium): The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X…
CVE-2009-0147 — CVSS 4.3 (medium): Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote…
CVE-2009-0146 — CVSS 4.3 (medium): Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote…
CVE-2014-2856 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers…
CVE-2009-1183 — CVSS 4.3 (medium): The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote…
CVE-2010-2431 — CVSS 2.6 (low): The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink…
CVE-2008-1033 — CVSS 2.1 (low): The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows…
CVE-2014-5030 — CVSS 1.9 (low): CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4)…
CVE-2014-5029 — CVSS 1.5 (low): The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in…
CVE-2014-3537 — CVSS 1.2 (low): The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in…
CVE-2013-6891 — CVSS 1.2 (low): lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified…