Search CVE reports


Toggle filters

1 – 10 of 16 results


CVE-2013-7325

Medium priority
Not affected

An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball.

1 affected packages

devscripts

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
devscripts
Show less packages

CVE-2018-13043

Medium priority
Fixed

scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing.

1 affected packages

devscripts

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
devscripts Fixed Not affected
Show less packages

CVE-2015-5704

Medium priority
Not affected

scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.

1 affected packages

devscripts

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
devscripts
Show less packages

CVE-2015-5705

Medium priority
Not affected

Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.

1 affected packages

devscripts

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
devscripts
Show less packages

CVE-2014-1833

Medium priority

Some fixes available 3 of 6

Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink.

1 affected packages

devscripts

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
devscripts
Show less packages

CVE-2013-6888

Medium priority
Fixed

Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.

1 affected packages

devscripts

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
devscripts
Show less packages

CVE-2013-7085

Medium priority
Not affected

Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename.

1 affected packages

devscripts

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
devscripts
Show less packages

CVE-2013-7050

Medium priority
Not affected

The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.

1 affected packages

devscripts

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
devscripts
Show less packages

CVE-2012-2242

Medium priority

Some fixes available 2 of 3

scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different...

1 affected packages

devscripts

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
devscripts
Show less packages

CVE-2012-2241

Medium priority

Some fixes available 4 of 5

scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename.

1 affected packages

devscripts

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
devscripts
Show less packages