236 matches found
CVE-2013-7050
The CVE-2013-7050 issue affects devscripts' uscan: the get_main_source_dir function in scripts/uscan.pl (before version 2.13.8) can be exploited to execute arbitrary commands via shell metacharacters in a directory name when USCAN_EXCLUSION is used. This is a remote code execution risk. Affected ...
Ubuntu Update for mozilla-devscripts USN-1430-5
Ubuntu Update for Linux kernel vulnerabilities USN-1430-5 OpenVAS Vulnerability Test $Id: gbubuntuUSN14305.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for mozilla-devscripts USN-1430-5 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH,...
Ubuntu: Security Advisory (USN-1430-5)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-1430-5: mozilla-devscripts update
USN-1430-3 fixed vulnerabilities in Thunderbird. This update provides an updated mozilla-devscripts which produces packaged addons compatible with the latest thunderbird packaging...
Ubuntu 10.04 LTS : mozilla-devscripts update (USN-1430-5)
USN-1430-3 fixed vulnerabilities in Thunderbird. This update provides an updated mozilla-devscripts which produces packaged addons compatible with the latest thunderbird packaging. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security...
Ubuntu: Security Advisory (USN-1593-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu Update for devscripts USN-1593-1
Ubuntu Update for Linux kernel vulnerabilities USN-1593-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN15931.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for devscripts USN-1593-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net...
USN-1593-1: devscripts vulnerabilities
Raphael Geissert discovered that the debdiff.pl tool incorrectly handled shell metacharacters. If a user or automated system were tricked into processing a specially crafted filename, a remote attacher could possibly execute arbitrary code. CVE-2012-0212 Raphael Geissert discovered that the...
CVE-2012-2242
scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted 1 .dsc or 2 .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240...
CVE-2012-3500
scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary 1 standard output or 2 standard error output file...
DEBIAN-CVE-2012-2242
scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted 1 .dsc or 2 .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240...
DEBIAN-CVE-2012-2240
scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."...
CVE-2012-2240
scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."...
CVE-2012-2242
scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted 1 .dsc or 2 .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240...
CVE-2012-2241
scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted 1 .dsc or 2 .changes file, probably related to a NULL byte in a filename...
DEBIAN-CVE-2012-3500
scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary 1 standard output or 2 standard error output file...
CVE-2012-2240
scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."...
CVE-2012-2241
scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted 1 .dsc or 2 .changes file, probably related to a NULL byte in a filename...
CVE-2012-3500
scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary 1 standard output or 2 standard error output file...
Xxe
scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted 1 .dsc or 2 .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240...