Devscripts
by Debian
Source repositories
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5704 | Hig | 0.51 | 7.8 | 0.00 | Sep 25, 2017 | scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. | ||
| CVE-2015-5705 | Hig | 0.49 | 7.5 | 0.01 | Sep 6, 2017 | Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. | ||
| CVE-2012-0212 | 0.01 | — | 0.11 | Jun 16, 2012 | debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument. | |||
| CVE-2012-0211 | 0.01 | — | 0.11 | Jun 16, 2012 | debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package. | |||
| CVE-2025-8454 | 0.00 | — | 0.00 | Aug 1, 2025 | It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from… | |||
| CVE-2018-13043 | 0.00 | — | 0.01 | Jul 1, 2018 | scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing. | |||
| CVE-2014-1833 | 0.00 | — | 0.01 | Feb 5, 2014 | Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink. | |||
| CVE-2013-6888 | 0.00 | — | 0.03 | Jan 7, 2014 | Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball. | |||
| CVE-2013-7085 | 0.00 | — | 0.01 | Dec 14, 2013 | Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename. | |||
| CVE-2013-7050 | 0.00 | — | 0.01 | Dec 13, 2013 | The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name. | |||
| CVE-2012-2242 | 0.00 | — | 0.01 | Oct 1, 2012 | scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240. | |||
| CVE-2012-0210 | 0.00 | — | 0.05 | Jun 16, 2012 | debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file. |
- risk 0.51cvss 7.8epss 0.00
scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.
- risk 0.49cvss 7.5epss 0.01
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.
- CVE-2012-0212Jun 16, 2012risk 0.01cvss —epss 0.11
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument.
- CVE-2012-0211Jun 16, 2012risk 0.01cvss —epss 0.11
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package.
- CVE-2025-8454Aug 1, 2025risk 0.00cvss —epss 0.00
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from…
- CVE-2018-13043Jul 1, 2018risk 0.00cvss —epss 0.01
scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing.
- CVE-2014-1833Feb 5, 2014risk 0.00cvss —epss 0.01
Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink.
- CVE-2013-6888Jan 7, 2014risk 0.00cvss —epss 0.03
Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.
- CVE-2013-7085Dec 14, 2013risk 0.00cvss —epss 0.01
Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename.
- CVE-2013-7050Dec 13, 2013risk 0.00cvss —epss 0.01
The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.
- CVE-2012-2242Oct 1, 2012risk 0.00cvss —epss 0.01
scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240.
- CVE-2012-0210Jun 16, 2012risk 0.00cvss —epss 0.05
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file.