
14 matches found

added 2014/01/07 5:00 p.m. | 72 views

CVE-2013-6888

CVE-2013-6888 affects devscripts’ uscan component. Before version 2.13.9, uscan could execute arbitrary code via a crafted tarball downloaded from a malicious source. Debian/Ubuntu advisories note remote code execution with the vulnerable uscan and specify fixes: Debian wheezy updated to 2.12.6+d...

CVSS 7.5 | AI score 8.6 | EPSS 0.02539

added 2012/10/01 12:00 a.m. | 66 views

CVE-2012-2242

CVE-2012-2242 affects devscripts' dget.pl prior to version 2.10.73, where crafted .dsc/.changes files can trigger remote commands due to insufficient escaping of arguments to external commands. The issue allows remote code execution and is separate from CVE-2012-2240. A fix is needed by upgrading...

CVSS 6.8 | AI score 7.4 | EPSS 0.00975

added 2012/06/16 12:00 a.m. | 64 views

CVE-2012-0212

CVE-2012-0212 affects devscripts; the debdiff.pl component in versions before 2.10.69 and 2.11.x before 2.11.4 allows remote code execution via shell metacharacters in the file name argument. This vulnerability is reflected in multiple advisories (Ubuntu USN-1593-1, Debian security trackers, and ...

CVSS 9.3 | AI score 7.6 | EPSS 0.10651

added 2012/10/01 12:00 a.m. | 64 views

CVE-2012-3500

CVE-2012-3500 is a local reliability issue in the annotate-output mechanism: scripts/annotate-output.sh in devscripts < 2.12.2 (used by rpmdevtools

CVSS 1.2 | AI score 6 | EPSS 0.00055

added 2009/09/04 8:00 p.m. | 63 views

CVE-2009-2946

CVE-2009-2946 references an eval injection in devscripts' uscan.pl prior to revision 1984, enabling remote Perl code execution via crafted pathnames on distribution servers. Connected advisories (Debian DSA-1878-1/DSA-1878-2, Ubuntu USN-847-1/2, Red Hat RH CVE entry, OpenVAS/Nessus synopses) conf...

CVSS 9.3 | AI score 7.6 | EPSS 0.00781

added 2012/10/01 12:00 a.m. | 60 views

CVE-2012-2240

CVE-2012-2240 affects devscripts, specifically the dscverify.pl component. The vulnerability occurs in scripts/dscverify.pl in devscripts before version 2.12.3, where remote attackers could execute arbitrary commands via unspecified vectors related to arguments to external commands. Multiple conn...

CVSS 7.5 | AI score 7.4 | EPSS 0.00975

added 2012/10/01 12:00 a.m. | 60 views

CVE-2012-2241

CVE-2012-2241 affects devscripts prior to version 2.12.3. The vulnerability allows a remote attacker to delete arbitrary files by supplying crafted .dsc or .changes files, with a likely NULL-byte filename issue cited in the description. Exploitation context is remote, with impact described as del...

CVSS 5 | AI score 6.5 | EPSS 0.00561

added 2017/09/06 9:00 p.m. | 59 views

CVE-2015-5705

CVE-2015-5705 affects devscripts prior to 2.15.7. The issue allows remote attackers to overwrite arbitrary files via a crafted symlink and filename, due to an argument injection vulnerability in devscripts. Impact is arbitrary file writes; several advisories note fixes in 2.15.7 and later (e.g., ...

CVSS 7.5 | AI score 7.3 | EPSS 0.00829

added 2017/09/25 9:00 p.m. | 58 views

CVE-2015-5704

CVE-2015-5704 affects the Debian devscripts package: the licensecheck component in scripts/licensecheck.pl allows local users to execute arbitrary shell commands due to insufficient input filtering. This is observed in multiple advisories (Debian, Fedora, OSV, NVD) and related trackers, with fixe...

CVSS 7.8 | AI score 7.6 | EPSS 0.00051

added 2012/06/16 12:00 a.m. | 54 views

CVE-2012-0210

CVE-2012-0210 affects devscripts’ debdiff component. Affected: devscripts package (Debian) with vulnerable debdiff in 2.10.x before 2.10.69 and 2.11.x before 2.11.4. Root cause: insufficient input sanitisation when processing .dsc and .changes files, enabling remote code execution and information...

CVSS 9.3 | AI score 7.2 | EPSS 0.04506

added 2012/06/16 12:00 a.m. | 53 views

CVE-2012-0211

CVE-2012-0211 concerns debdiff.pl, part of devscripts, with vulnerable versions 2.10.x before 2.10.69 and 2.11.x before 2.11.4. The issue allows remote code execution via a specially crafted tarball filename in the top-level directory of the original .orig source tarball. The Debian security advi...

CVSS 9.3 | AI score 7.4 | EPSS 0.10651

added 2013/12/14 5:00 p.m. | 48 views

CVE-2013-7085

CVE-2013-7085 affects devscripts 2.13.5 (Uscan); when USCAN_EXCLUSION is enabled, remote attackers can delete arbitrary files via a whitespace character in a filename. Evidenced in Fedora/SUSE advisories calling for updates to devscripts (e.g., 2.13.9) to fix the issue. Remediation in provided do...

CVSS 5.8 | AI score 6.6 | EPSS 0.00995

added 2013/12/13 6:00 p.m. | 46 views

CVE-2013-7050

The CVE-2013-7050 issue affects devscripts' uscan: the get_main_source_dir function in scripts/uscan.pl (before version 2.13.8) can be exploited to execute arbitrary commands via shell metacharacters in a directory name when USCAN_EXCLUSION is used. This is a remote code execution risk. Affected ...

CVSS 6.8 | AI score 7.6 | EPSS 0.00839

added 2014/02/05 6:00 p.m. | 45 views

CVE-2014-1833

CVE-2014-1833 is a directory traversal vulnerability in the uupdate tool of devscripts. A crafted .orig.tar file could allow a remote attacker to modify arbitrary files via symlink abuse. Multiple connected advisories confirm the issue and reference fixes in affected packages (e.g., SUSE, Ubuntu,...

CVSS 5 | AI score 6.5 | EPSS 0.00647