This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Devscripts Devel Team First view 2012-09-30
Product Devscripts Last view 2017-09-25
Version 2.11.9 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:devscripts_devel_team:devscripts

Activity : Overall

Related : CVE

  Date Alert Description
7.8 2017-09-25 CVE-2015-5704

scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.

7.5 2017-09-06 CVE-2015-5705

Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.

7.5 2014-01-07 CVE-2013-6888

Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.

6.8 2013-12-13 CVE-2013-7050

The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.

1.2 2012-09-30 CVE-2012-3500

scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.

5 2012-09-30 CVE-2012-2241

scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename.

7.5 2012-09-30 CVE-2012-2240

scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."

CWE : Common Weakness Enumeration

%idName
33% (2) CWE-20 Improper Input Validation
16% (1) CWE-362 Race Condition
16% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
16% (1) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...
16% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')

OpenVAS Exploits

id Description
2012-10-03 Name : Ubuntu Update for devscripts USN-1593-1
File : nvt/gb_ubuntu_USN_1593_1.nasl
2012-09-19 Name : Debian Security Advisory DSA 2549-1 (devscripts)
File : nvt/deb_2549_1.nasl
2012-09-17 Name : Fedora Update for rpmdevtools FEDORA-2012-13234
File : nvt/gb_fedora_2012_13234_rpmdevtools_fc17.nasl
2012-09-17 Name : Fedora Update for rpmdevtools FEDORA-2012-13263
File : nvt/gb_fedora_2012_13263_rpmdevtools_fc16.nasl

Nessus® Vulnerability Scanner

id Description
2015-08-13 Name: The remote Fedora host is missing a security update.
File: fedora_2015-12699.nasl - Type: ACT_GATHER_INFO
2015-08-13 Name: The remote Fedora host is missing a security update.
File: fedora_2015-12716.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-757.nasl - Type: ACT_GATHER_INFO
2014-01-22 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2084-1.nasl - Type: ACT_GATHER_INFO
2014-01-06 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2836.nasl - Type: ACT_GATHER_INFO
2013-12-23 Name: The remote Fedora host is missing a security update.
File: fedora_2013-23192.nasl - Type: ACT_GATHER_INFO
2013-04-20 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2013-123.nasl - Type: ACT_GATHER_INFO
2012-10-03 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1593-1.nasl - Type: ACT_GATHER_INFO
2012-09-18 Name: The remote Fedora host is missing a security update.
File: fedora_2012-13208.nasl - Type: ACT_GATHER_INFO
2012-09-17 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2549.nasl - Type: ACT_GATHER_INFO
2012-09-12 Name: The remote Fedora host is missing a security update.
File: fedora_2012-13234.nasl - Type: ACT_GATHER_INFO
2012-09-12 Name: The remote Fedora host is missing a security update.
File: fedora_2012-13263.nasl - Type: ACT_GATHER_INFO