Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Devscripts Devel Team Subscribe
Filtered by product Devscripts
Total 14 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-3500 2 Devscripts Devel Team, Fedora 2 Devscripts, Rpmdevtools 2023-02-12 1.2 LOW N/A
scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.
CVE-2014-1833 1 Devscripts Devel Team 1 Devscripts 2018-01-02 5.0 MEDIUM N/A
Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink.
CVE-2015-5704 2 Devscripts Devel Team, Fedoraproject 2 Devscripts, Fedora 2017-10-06 7.2 HIGH 7.8 HIGH
scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.
CVE-2015-5705 2 Devscripts Devel Team, Fedoraproject 2 Devscripts, Fedora 2017-09-13 5.0 MEDIUM 7.5 HIGH
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.
CVE-2013-6888 1 Devscripts Devel Team 1 Devscripts 2017-08-28 7.5 HIGH N/A
Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.
CVE-2013-7050 1 Devscripts Devel Team 1 Devscripts 2017-08-28 6.8 MEDIUM N/A
The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.
CVE-2013-7085 1 Devscripts Devel Team 1 Devscripts 2017-08-28 5.8 MEDIUM N/A
Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename.
CVE-2012-2241 1 Devscripts Devel Team 1 Devscripts 2017-08-28 5.0 MEDIUM N/A
scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename.
CVE-2012-0210 1 Devscripts Devel Team 1 Devscripts 2017-08-28 9.3 HIGH N/A
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file.
CVE-2012-0211 1 Devscripts Devel Team 1 Devscripts 2017-08-28 9.3 HIGH N/A
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package.
CVE-2012-0212 1 Devscripts Devel Team 1 Devscripts 2017-08-28 9.3 HIGH N/A
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument.
CVE-2012-2242 1 Devscripts Devel Team 1 Devscripts 2013-04-18 6.8 MEDIUM N/A
scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240.
CVE-2012-2240 1 Devscripts Devel Team 1 Devscripts 2013-04-18 7.5 HIGH N/A
scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."
CVE-2009-2946 2 Debian, Devscripts Devel Team 2 Linux, Devscripts 2009-09-07 9.3 HIGH N/A
Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages.