Devscripts Devel Team » Devscripts: Security Vulnerabilities, CVEs
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.
Max CVSS: 7.5 | EPSS Score: 0.33% | Published: 2017-09-06 | Updated: 2017-09-13
scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.
Max CVSS: 7.8 | EPSS Score: 0.04% | Published: 2017-09-25 | Updated: 2017-10-06
Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink.
Max CVSS: 5.0 | EPSS Score: 0.98% | Published: 2014-02-05 | Updated: 2018-01-03
Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename.
Max CVSS: 5.8 | EPSS Score: 1.80% | Published: 2013-12-14 | Updated: 2017-08-29
The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.
Max CVSS: 6.8 | EPSS Score: 1.28% | Published: 2013-12-13 | Updated: 2017-08-29
Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.
Max CVSS: 7.5 | EPSS Score: 10.51% | Published: 2014-01-07 | Updated: 2017-08-29
scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.
Max CVSS: 1.2 | EPSS Score: 0.04% | Published: 2012-10-01 | Updated: 2023-02-13
scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240.
Max CVSS: 6.8 | EPSS Score: 0.75% | Published: 2012-10-01 | Updated: 2013-04-19
scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename.
Max CVSS: 5.0 | EPSS Score: 0.71% | Published: 2012-10-01 | Updated: 2017-08-29
scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."
Max CVSS: 7.5 | EPSS Score: 0.75% | Published: 2012-10-01 | Updated: 2013-04-19
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument.
Max CVSS: 9.3 | EPSS Score: 6.02% | Published: 2012-06-16 | Updated: 2017-08-29
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package.
Max CVSS: 9.3 | EPSS Score: 6.02% | Published: 2012-06-16 | Updated: 2017-08-29
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file.
Max CVSS: 9.3 | EPSS Score: 6.02% | Published: 2012-06-16 | Updated: 2017-08-29
Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages.
Max CVSS: 9.3 | EPSS Score: 0.27% | Published: 2009-09-04 | Updated: 2009-09-08
14 vulnerabilities found