Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Devscripts Devel Team Security Vulnerabilities

cve
cve

CVE-2009-2946

Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages.

7.6AI Score

0.004EPSS

2022-10-03 04:24 PM
41
cve
cve

CVE-2012-0210

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file.

7.2AI Score

0.06EPSS

2012-06-16 12:55 AM
31
cve
cve

CVE-2012-0211

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package.

7.4AI Score

0.06EPSS

2012-06-16 12:55 AM
31
cve
cve

CVE-2012-0212

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument.

7.6AI Score

0.06EPSS

2012-06-16 12:55 AM
34
cve
cve

CVE-2012-2240

scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."

7.4AI Score

0.007EPSS

2012-10-01 12:55 AM
34
cve
cve

CVE-2012-2241

scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename.

6.5AI Score

0.007EPSS

2012-10-01 12:55 AM
40
cve
cve

CVE-2012-2242

scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240.

7.4AI Score

0.007EPSS

2012-10-01 12:55 AM
36
cve
cve

CVE-2012-3500

scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.

6AI Score

0.0004EPSS

2012-10-01 12:55 AM
35
cve
cve

CVE-2013-6888

Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.

8.6AI Score

0.105EPSS

2014-01-07 05:04 PM
41
cve
cve

CVE-2013-7050

The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.

7.6AI Score

0.013EPSS

2013-12-13 06:07 PM
25
cve
cve

CVE-2013-7085

Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename.

6.6AI Score

0.018EPSS

2013-12-14 05:21 PM
30
cve
cve

CVE-2014-1833

Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink.

6.5AI Score

0.01EPSS

2014-02-05 06:55 PM
26
cve
cve

CVE-2015-5704

scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.

7.8CVSS

7.6AI Score

0.0004EPSS

2017-09-25 09:29 PM
19
cve
cve

CVE-2015-5705

Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.

7.5CVSS

7.3AI Score

0.003EPSS

2017-09-06 09:29 PM
27