Page 3 of 13 results (0.008 seconds)

CVSS: 9.3EPSS: 6%CPEs: 70EXPL: 0

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package. debdiff.pl de devscripts 2.10.x anteriores a 2.10.69 y 2.11.x anteriores a 2.11.4 permite a atacantes remotos ejecutar código arbitrario a través de un nombre de archivo tarball modificado en el directorio de mayor nivel de un tarball fuente original (.orig) de un paquete fuente. • http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=87f88232eb643f0c118c6ba38db8e966915b450f http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=9cbe605d3eab4f9e67525f69b676c55b273b7a03 http://secunia.com/advisories/47955 http://secunia.com/advisories/48039 http://ubuntu.com/usn/usn-1366-1 http://www.debian.org/security/2012/dsa-2409 http://www.osvdb.org/79320 http://www.securityfocus.com/bid/52029 https://exchange.xforce.ibmcloud.com/vulnerabilities&#x • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 6%CPEs: 70EXPL: 0

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file. debdiff.pl de devscripts 2.10.x anteriores a 2.10.69 y 2.11.x anteriores a 2.11.4 permite a atacantes remotos obtener información del sistema y ejecutar código arbitrario a través de un nombre de fichero en un archivo (1) .dsc o (2) .changes. • http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=797ddc961532eb0aeb46153e3f28c8e9ea0500d2 http://secunia.com/advisories/47955 http://secunia.com/advisories/48039 http://ubuntu.com/usn/usn-1366-1 http://www.debian.org/security/2012/dsa-2409 http://www.osvdb.org/79319 http://www.securityfocus.com/bid/52029 https://exchange.xforce.ibmcloud.com/vulnerabilities/73215 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 6%CPEs: 70EXPL: 0

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument. debdiff.pl de devscripts 2.10.x anteriores a 2.10.69 y 2.11.x anteriores a 2.11.4 permite a atacantes remotos ejecutar código arbitrario a través de meta-caracteres de shell en el argumento de nombre de fichero. • http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=9cbe605d3eab4f9e67525f69b676c55b273b7a03 http://secunia.com/advisories/47955 http://secunia.com/advisories/48039 http://ubuntu.com/usn/usn-1366-1 http://www.debian.org/security/2012/dsa-2409 http://www.osvdb.org/79322 http://www.securityfocus.com/bid/52029 http://www.ubuntu.com/usn/USN-1593-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/73217 • CWE-20: Improper Input Validation •