HOMEVULNERABILITIESVENDORSDevscripts Devel Team

Devscripts Devel TeamCVEs & Vulnerabilities

14 CVEs affecting Devscripts Devel Team products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

devscripts 480
CVE-2015-5704HIGH

scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.

26 Sep 2017
7.8
CVSS
CVE-2015-5705HIGH

Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.

7 Sep 2017
7.5
CVSS
CVE-2014-1833MEDIUM

Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink.

5 Feb 2014
5.0
CVSS
CVE-2013-6888HIGH

Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.

7 Jan 2014
7.5
CVSS
CVE-2013-7085MEDIUM

Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename.

14 Dec 2013
5.8
CVSS
CVE-2013-7050MEDIUM

The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.

13 Dec 2013
6.8
CVSS
CVE-2012-3500LOW

scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.

1 Oct 2012
1.2
CVSS
CVE-2012-2242MEDIUM

scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240.

1 Oct 2012
6.8
CVSS
CVE-2012-2241MEDIUM

scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename.

1 Oct 2012
5.0
CVSS
CVE-2012-2240HIGH

scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."

1 Oct 2012
7.5
CVSS
CVE-2012-0212CRITICAL

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument.

16 Jun 2012
9.3
CVSS
CVE-2012-0211CRITICAL

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package.

16 Jun 2012
9.3
CVSS
CVE-2012-0210CRITICAL

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file.

16 Jun 2012
9.3
CVSS
CVE-2009-2946CRITICAL

Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages.

4 Sep 2009
9.3
CVSS
← PrevPage 1 / 1Next →