| Max CVSS | 5.0 | Min CVSS | 1.2 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-3537 | 1.2 |
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.
|
13-02-2023 - 00:40 | 23-07-2014 - 14:55 | |
| CVE-2014-2856 | 4.3 |
Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.
|
16-12-2017 - 02:29 | 18-04-2014 - 14:55 | |
| CVE-2014-5029 | 1.5 |
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-
|
07-01-2017 - 03:00 | 29-07-2014 - 14:55 | |
| CVE-2014-5030 | 1.9 |
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
|
07-01-2017 - 03:00 | 29-07-2014 - 14:55 | |
| CVE-2014-5031 | 5.0 |
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
|
07-01-2017 - 03:00 | 29-07-2014 - 14:55 |