Devscripts Security Vulnerabilities and Issues — Devscripts CVE List

Lucene search

Devscripts Devel TeamDevscripts

14 matches found

CVE•added 2014/01/07 5:4 p.m.•66 views

CVE-2013-6888

Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.

7.5CVSS8.6AI score0.02873EPSS

CVE•added 2009/09/04 8:30 p.m.•56 views

CVE-2009-2946

Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages.

9.3CVSS7.6AI score0.00878EPSS

CVE•added 2012/06/16 12:55 a.m.•56 views

CVE-2012-0212

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument.

9.3CVSS7.6AI score0.10651EPSS

CVE•added 2012/10/01 12:55 a.m.•54 views

CVE-2012-2241

scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename.

5CVSS6.5AI score0.00561EPSS

CVE•added 2017/09/06 9:29 p.m.•54 views

CVE-2015-5705

Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.

7.5CVSS7.3AI score0.00829EPSS

CVE•added 2012/10/01 12:55 a.m.•52 views

CVE-2012-2240

scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."

7.5CVSS7.4AI score0.00975EPSS

CVE•added 2017/09/25 9:29 p.m.•52 views

CVE-2015-5704

scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.

7.8CVSS7.6AI score0.00051EPSS

CVE•added 2012/10/01 12:55 a.m.•51 views

CVE-2012-2242

scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240.

6.8CVSS7.4AI score0.00975EPSS

CVE•added 2012/10/01 12:55 a.m.•50 views

CVE-2012-3500

scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.

1.2CVSS6AI score0.00055EPSS

CVE•added 2012/06/16 12:55 a.m.•46 views

CVE-2012-0210

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file.

9.3CVSS7.2AI score0.04506EPSS

CVE•added 2012/06/16 12:55 a.m.•45 views

CVE-2012-0211

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package.

9.3CVSS7.4AI score0.10651EPSS

CVE•added 2013/12/14 5:21 p.m.•43 views

CVE-2013-7085

Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename.

5.8CVSS6.6AI score0.011EPSS

CVE•added 2014/02/05 6:55 p.m.•40 views

CVE-2014-1833

Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink.

5CVSS6.5AI score0.00881EPSS

CVE•added 2013/12/13 6:7 p.m.•39 views

CVE-2013-7050

The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.

6.8CVSS7.6AI score0.00839EPSS