Total vulnerabilities in the database
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.
| Software | From | Fixed in |
|---|---|---|
| apple / cups | 1.1.20 | 1.1.20.x |
| apple / cups | 1.1.5-2 | 1.1.5-2.x |
| apple / cups | 1.1.14 | 1.1.14.x |
| apple / cups | 1.3-rc2 | 1.3-rc2.x |
| apple / cups | 1.1.6-1 | 1.1.6-1.x |
| apple / cups | 1.1.18 | 1.1.18.x |
| apple / cups | 1.1.12 | 1.1.12.x |
| apple / cups | - | 1.3.7.x |
| apple / cups | 1.1.5-1 | 1.1.5-1.x |
| apple / cups | 1.3.3 | 1.3.3.x |
| apple / cups | 1.1.22 | 1.1.22.x |
| apple / cups | 1.2.0 | 1.2.0.x |
| apple / cups | 1.1.16 | 1.1.16.x |
| apple / cups | 1.3.1 | 1.3.1.x |
| apple / cups | 1.1.23-rc1 | 1.1.23-rc1.x |
| apple / cups | 1.1.20-rc1 | 1.1.20-rc1.x |
| apple / cups | 1.1.15 | 1.1.15.x |
| apple / cups | 1.1.17 | 1.1.17.x |
| apple / cups | 1.1.20-rc6 | 1.1.20-rc6.x |
| apple / cups | 1.2.4 | 1.2.4.x |
| apple / cups | 1.1.19-rc1 | 1.1.19-rc1.x |
| apple / cups | 1.3.2 | 1.3.2.x |
| apple / cups | 1.1.22-rc1 | 1.1.22-rc1.x |
| apple / cups | 1.1.7 | 1.1.7.x |
| apple / cups | 1.2-rc2 | 1.2-rc2.x |
| apple / cups | 1.1.6-2 | 1.1.6-2.x |
| apple / cups | 1.3-b1 | 1.3-b1.x |
| apple / cups | 1.1.3 | 1.1.3.x |
| apple / cups | 1.2.3 | 1.2.3.x |
| apple / cups | 1.1.21 | 1.1.21.x |
| apple / cups | 1.2.9 | 1.2.9.x |
| apple / cups | 1.2.10 | 1.2.10.x |
| apple / cups | 1.1.4 | 1.1.4.x |
| apple / cups | 1.1.23 | 1.1.23.x |
| apple / cups | 1.2.6 | 1.2.6.x |
| apple / cups | 1.2-b1 | 1.2-b1.x |
| apple / cups | 1.1.20-rc4 | 1.1.20-rc4.x |
| apple / cups | 1.1.19 | 1.1.19.x |
| apple / cups | 1.1 | 1.1.x |
| apple / cups | 1.3.4 | 1.3.4.x |
| apple / cups | 1.1.8 | 1.1.8.x |
| apple / cups | 1.1.5 | 1.1.5.x |
| apple / cups | 1.2.1 | 1.2.1.x |
| apple / cups | 1.2-rc3 | 1.2-rc3.x |
| apple / cups | 1.1.2 | 1.1.2.x |
| apple / cups | 1.1.13 | 1.1.13.x |
| apple / cups | 1.1.19-rc4 | 1.1.19-rc4.x |
| apple / cups | 1.1.9-1 | 1.1.9-1.x |
| apple / cups | 1.2.12 | 1.2.12.x |
| apple / cups | 1.1.21-rc2 | 1.1.21-rc2.x |
| apple / cups | 1.2-b2 | 1.2-b2.x |
| apple / cups | 1.2.7 | 1.2.7.x |
| apple / cups | 1.1.6-3 | 1.1.6-3.x |
| apple / cups | 1.1.20-rc5 | 1.1.20-rc5.x |
| apple / cups | 1.1.9 | 1.1.9.x |
| apple / cups | 1.1.19-rc5 | 1.1.19-rc5.x |
| apple / cups | 1.2-rc1 | 1.2-rc1.x |
| apple / cups | 1.1.1 | 1.1.1.x |
| apple / cups | 1.2.8 | 1.2.8.x |
| apple / cups | 1.2.2 | 1.2.2.x |
| apple / cups | 1.1.10 | 1.1.10.x |
| apple / cups | 1.2.11 | 1.2.11.x |
| apple / cups | 1.1.22-rc2 | 1.1.22-rc2.x |
| apple / cups | 1.1.21-rc1 | 1.1.21-rc1.x |
| apple / cups | 1.3-rc1 | 1.3-rc1.x |
| apple / cups | 1.1.11 | 1.1.11.x |
| apple / cups | 1.1.19-rc3 | 1.1.19-rc3.x |
| apple / cups | 1.1.6 | 1.1.6.x |
| apple / cups | 1.1.10-1 | 1.1.10-1.x |
| apple / cups | 1.3.0 | 1.3.0.x |
| apple / cups | 1.3.5 | 1.3.5.x |
| apple / cups | 1.3.6 | 1.3.6.x |
| apple / cups | 1.1.20-rc2 | 1.1.20-rc2.x |
| apple / cups | 1.1.20-rc3 | 1.1.20-rc3.x |
| apple / cups | 1.2.5 | 1.2.5.x |
| apple / cups | 1.1.19-rc2 | 1.1.19-rc2.x |