Page 2 of 10 results (0.001 seconds)

CVSS: 6.8EPSS: 1%CPEs: 8EXPL: 0

The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name. La función get_main_source_dir en scripts/uscan.pl en devscripts anterior a 2.13.8, al utilizar USCAN_EXCLUSION, permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres de shell en un nombre de directorio. • http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=91f05b5 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731849 http://osvdb.org/100855 http://seclists.org/oss-sec/2013/q4/470 http://seclists.org/oss-sec/2013/q4/486 http://www.securityfocus.com/bid/64241 https://bugzilla.redhat.com/show_bug.cgi?id=1040266 https://exchange.xforce.ibmcloud.com/vulnerabilities/89666 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.0EPSS: 0%CPEs: 91EXPL: 0

scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename. scripts/dget.pl en devscripts anterior a v2.12.3 permite a atacantes remotos borrar ficheros arbitrarios mediante un fichero (1) .dsc o (2) .changes manipulado, probablemente relacionado con un byte NULL en un nombre de fichero. • http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=0fd15bdec07b085f9ef438dacd18e159ac60b810 http://secunia.com/advisories/50600 http://www.debian.org/security/2012/dsa-2549 http://www.securityfocus.com/bid/55564 http://www.ubuntu.com/usn/USN-1593-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/78977 • CWE-20: Improper Input Validation •

CVSS: 1.2EPSS: 0%CPEs: 3EXPL: 0

scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file. scripts/annotate-output.sh en devscripts anteriores a v2.12.2, como el usado en rpmdevtools anteriores a v8.3, permite a usuarios locales modificar ficheros a través de un ataque de enlaces simbólicos sobre los ficheros temporales de (1) salida estándar o (2) salida estándar de error. • http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commit%3Bh=4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0 http://git.fedorahosted.org/cgit/rpmdevtools.git/commit/?id=90b4400c2ab2e80cecfd8dfdf031536376ed2cdb http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086138.html http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086159.html http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087335.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00000.html http • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 6.8EPSS: 0%CPEs: 74EXPL: 0

scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240. scripts/dget.pl en devscripts anterior a v2.10.73 permite a atacantes remotos ejecutar comandos arbitrarios mediante un fichero (1) .dsc o (2) .changes manipulado, relacionado con "argumentos a comandos externos" que no son escapados correctamente. Una vulnerabilidad diferente a CVE-2012-2240. • http://secunia.com/advisories/50600 http://www.debian.org/security/2012/dsa-2549 http://www.securityfocus.com/bid/55564 http://www.ubuntu.com/usn/USN-1593-1 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 91EXPL: 0

scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands." scripts/dscverify.pl en devscripts anterior a v2.12.3 permite a atacantes remotos ejecutar comandos arbitarios mediante vectores no especificados relacionados con "argumentos a comandos externos" • http://secunia.com/advisories/50600 http://www.debian.org/security/2012/dsa-2549 http://www.securityfocus.com/bid/55564 http://www.ubuntu.com/usn/USN-1593-1 • CWE-20: Improper Input Validation •