CVSS: 6.8EPSS: 0%CPEs: 74EXPL: 0CVE-2012-2242
https://notcve.org/view.php?id=CVE-2012-2242
scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240. scripts/dget.pl en devscripts anterior a v2.10.73 permite a atacantes remotos ejecutar comandos arbitrarios mediante un fichero (1) .dsc o (2) .changes manipulado, relacionado con "argumentos a comandos externos" que no son escapados correctamente. Una vulnerabilidad diferente a CVE-2012-2240. • http://secunia.com/advisories/50600 http://www.debian.org/security/2012/dsa-2549 http://www.securityfocus.com/bid/55564 http://www.ubuntu.com/usn/USN-1593-1 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 91EXPL: 0CVE-2012-2240
https://notcve.org/view.php?id=CVE-2012-2240
scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands." scripts/dscverify.pl en devscripts anterior a v2.12.3 permite a atacantes remotos ejecutar comandos arbitarios mediante vectores no especificados relacionados con "argumentos a comandos externos" • http://secunia.com/advisories/50600 http://www.debian.org/security/2012/dsa-2549 http://www.securityfocus.com/bid/55564 http://www.ubuntu.com/usn/USN-1593-1 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 6%CPEs: 70EXPL: 0CVE-2012-0211
https://notcve.org/view.php?id=CVE-2012-0211
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package. debdiff.pl de devscripts 2.10.x anteriores a 2.10.69 y 2.11.x anteriores a 2.11.4 permite a atacantes remotos ejecutar código arbitrario a través de un nombre de archivo tarball modificado en el directorio de mayor nivel de un tarball fuente original (.orig) de un paquete fuente. • http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=87f88232eb643f0c118c6ba38db8e966915b450f http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=9cbe605d3eab4f9e67525f69b676c55b273b7a03 http://secunia.com/advisories/47955 http://secunia.com/advisories/48039 http://ubuntu.com/usn/usn-1366-1 http://www.debian.org/security/2012/dsa-2409 http://www.osvdb.org/79320 http://www.securityfocus.com/bid/52029 https://exchange.xforce.ibmcloud.com/vulnerabilities&#x • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 6%CPEs: 70EXPL: 0CVE-2012-0210
https://notcve.org/view.php?id=CVE-2012-0210
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file. debdiff.pl de devscripts 2.10.x anteriores a 2.10.69 y 2.11.x anteriores a 2.11.4 permite a atacantes remotos obtener información del sistema y ejecutar código arbitrario a través de un nombre de fichero en un archivo (1) .dsc o (2) .changes. • http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=797ddc961532eb0aeb46153e3f28c8e9ea0500d2 http://secunia.com/advisories/47955 http://secunia.com/advisories/48039 http://ubuntu.com/usn/usn-1366-1 http://www.debian.org/security/2012/dsa-2409 http://www.osvdb.org/79319 http://www.securityfocus.com/bid/52029 https://exchange.xforce.ibmcloud.com/vulnerabilities/73215 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 6%CPEs: 70EXPL: 0CVE-2012-0212
https://notcve.org/view.php?id=CVE-2012-0212
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument. debdiff.pl de devscripts 2.10.x anteriores a 2.10.69 y 2.11.x anteriores a 2.11.4 permite a atacantes remotos ejecutar código arbitrario a través de meta-caracteres de shell en el argumento de nombre de fichero. • http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=9cbe605d3eab4f9e67525f69b676c55b273b7a03 http://secunia.com/advisories/47955 http://secunia.com/advisories/48039 http://ubuntu.com/usn/usn-1366-1 http://www.debian.org/security/2012/dsa-2409 http://www.osvdb.org/79322 http://www.securityfocus.com/bid/52029 http://www.ubuntu.com/usn/USN-1593-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/73217 • CWE-20: Improper Input Validation •