Page 2 of 15 results (0.011 seconds)

CVSS: 7.5EPSS: 10%CPEs: 9EXPL: 0

Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball. Uscan en devscripts anteriores a 2.13.9 permite a atacantes remotos ejecutar código arbitrario a través de un tarball manipulado. • http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=02c6850d973e3e1246fde72edab27f03d63acc52 http://marc.info/?l=oss-security&m=138900586911271&w=2 http://secunia.com/advisories/56192 http://secunia.com/advisories/56579 http://www.debian.org/security/2014/dsa-2836 http://www.securityfocus.com/bid/64656 http://www.ubuntu.com/usn/USN-2084-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/90107 •

CVSS: 5.8EPSS: 2%CPEs: 1EXPL: 1

Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename. Uscan en devscripts 2.13.5, cuando se activa USCAN_EXCLUSION, permite a atacantes remotos eliminar archivos arbitrarios a través de un caracter de espacio en blanco en un nombre de archivo. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732006 http://osvdb.org/100917 http://www.openwall.com/lists/oss-security/2013/12/12/9 http://www.openwall.com/lists/oss-security/2013/12/13/2 http://www.securityfocus.com/bid/64258 https://exchange.xforce.ibmcloud.com/vulnerabilities/89669 • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 1%CPEs: 8EXPL: 0

The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name. La función get_main_source_dir en scripts/uscan.pl en devscripts anterior a 2.13.8, al utilizar USCAN_EXCLUSION, permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres de shell en un nombre de directorio. • http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=91f05b5 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731849 http://osvdb.org/100855 http://seclists.org/oss-sec/2013/q4/470 http://seclists.org/oss-sec/2013/q4/486 http://www.securityfocus.com/bid/64241 https://bugzilla.redhat.com/show_bug.cgi?id=1040266 https://exchange.xforce.ibmcloud.com/vulnerabilities/89666 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.0EPSS: 0%CPEs: 91EXPL: 0

scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename. scripts/dget.pl en devscripts anterior a v2.12.3 permite a atacantes remotos borrar ficheros arbitrarios mediante un fichero (1) .dsc o (2) .changes manipulado, probablemente relacionado con un byte NULL en un nombre de fichero. • http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=0fd15bdec07b085f9ef438dacd18e159ac60b810 http://secunia.com/advisories/50600 http://www.debian.org/security/2012/dsa-2549 http://www.securityfocus.com/bid/55564 http://www.ubuntu.com/usn/USN-1593-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/78977 • CWE-20: Improper Input Validation •

CVSS: 1.2EPSS: 0%CPEs: 3EXPL: 0

scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file. scripts/annotate-output.sh en devscripts anteriores a v2.12.2, como el usado en rpmdevtools anteriores a v8.3, permite a usuarios locales modificar ficheros a través de un ataque de enlaces simbólicos sobre los ficheros temporales de (1) salida estándar o (2) salida estándar de error. • http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commit%3Bh=4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0 http://git.fedorahosted.org/cgit/rpmdevtools.git/commit/?id=90b4400c2ab2e80cecfd8dfdf031536376ed2cdb http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086138.html http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086159.html http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087335.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00000.html http • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •