Devscripts

devscripts

CVEs (14)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-5704 2Devscripts Devel Team Fedoraproject 2Devscripts Fedora May 13, 2026 Sep 25, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.
CVE-2015-5705 2Devscripts Devel Team Fedoraproject 2Devscripts Fedora May 13, 2026 Sep 6, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.
CVE-2014-1833 1Devscripts Devel Team 1Devscripts Apr 29, 2026 Feb 5, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink.
CVE-2013-6888 1Devscripts Devel Team 1Devscripts Apr 29, 2026 Jan 7, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.
CVE-2013-7085 1Devscripts Devel Team 1Devscripts Apr 29, 2026 Dec 14, 2013 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename.
CVE-2013-7050 1Devscripts Devel Team 1Devscripts Apr 29, 2026 Dec 13, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.
CVE-2012-3500 1Devscripts Devel Team 1Devscripts Apr 29, 2026 Oct 1, 2012 N/A· v4 N/A· v3 1.2 LOW· v2 scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error outp...Show more scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.Show less
CVE-2012-2242 1Devscripts Devel Team 1Devscripts Apr 29, 2026 Oct 1, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a...Show more scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240.Show less
CVE-2012-2241 1Devscripts Devel Team 1Devscripts Apr 29, 2026 Oct 1, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename.
CVE-2012-2240 1Devscripts Devel Team 1Devscripts Apr 29, 2026 Oct 1, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."
CVE-2012-0212 1Devscripts Devel Team 1Devscripts Apr 29, 2026 Jun 16, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument.
CVE-2012-0211 1Devscripts Devel Team 1Devscripts Apr 29, 2026 Jun 16, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball o...Show more debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package.Show less
CVE-2012-0210 1Devscripts Devel Team 1Devscripts Apr 29, 2026 Jun 16, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file.
CVE-2009-2946 1Devscripts Devel Team 1Devscripts Apr 23, 2026 Sep 4, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian...Show more Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages.Show less