Skip to main content

Devscripts

15 CVEs product

Monthly

CVE-2025-8454 CRITICAL PATCH This Week

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Debian Devscripts Suse
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2018-13043 CRITICAL PATCH Act Now

scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Debian RCE Devscripts Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2015-5704 HIGH PATCH This Week

scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Devscripts Fedora
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-5705 HIGH PATCH This Week

Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Devscripts Fedora
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2014-1833 MEDIUM This Month

Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Devscripts
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-6888 HIGH This Week

Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Devscripts
NVD
CVSS 2.0
7.5
EPSS
2.5%
CVE-2013-7085 MEDIUM POC This Month

Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Devscripts
NVD
CVSS 2.0
5.8
EPSS
1.0%
CVE-2013-7050 MEDIUM PATCH This Month

The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Devscripts
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2012-3500 LOW PATCH Monitor

scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or. Rated low severity (CVSS 1.2).

Information Disclosure Race Condition Devscripts
NVD
CVSS 2.0
1.2
EPSS
0.1%
CVE-2012-2242 MEDIUM This Month

scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Devscripts
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2012-2241 MEDIUM This Month

scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Devscripts
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-2240 HIGH This Week

scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Devscripts
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2012-0212 CRITICAL Act Now

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.7% and no vendor patch available.

RCE Devscripts
NVD
CVSS 2.0
9.3
EPSS
10.7%
CVE-2012-0211 CRITICAL Act Now

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.7% and no vendor patch available.

RCE Devscripts
NVD
CVSS 2.0
9.3
EPSS
10.7%
CVE-2012-0210 CRITICAL Act Now

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Devscripts
NVD
CVSS 2.0
9.3
EPSS
4.5%
EPSS 0% CVSS 9.8
CRITICAL PATCH This Week

It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Debian +2
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Debian RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Devscripts Fedora
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Devscripts Fedora
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Devscripts
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Devscripts
NVD
EPSS 1% CVSS 5.8
MEDIUM POC This Month

Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Devscripts
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Devscripts
NVD
EPSS 0% CVSS 1.2
LOW PATCH Monitor

scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or. Rated low severity (CVSS 1.2).

Information Disclosure Race Condition Devscripts
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Devscripts
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Devscripts
NVD
EPSS 1% CVSS 7.5
HIGH This Week

scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Devscripts
NVD
EPSS 11% CVSS 9.3
CRITICAL Act Now

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.7% and no vendor patch available.

RCE Devscripts
NVD
EPSS 11% CVSS 9.3
CRITICAL Act Now

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.7% and no vendor patch available.

RCE Devscripts
NVD
EPSS 5% CVSS 9.3
CRITICAL Act Now

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Devscripts
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy