Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
28 vulnerabilities by devscripts_devel_team
CVE-2015-5704 (GCVE-0-2015-5704)
Vulnerability from nvd – Published: 2017-09-25 21:00 – Updated: 2024-08-06 06:59
VLAI
EPSS
VEX
Summary
scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/bid/76143 | vdb-entryx_refsource_BID |
| https://bugzilla.redhat.com/show_bug.cgi?id=1249635 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2015/08/01/7 | mailing-listx_refsource_MLIST |
| https://anonscm.debian.org/cgit/collab-maint/devs… | x_refsource_CONFIRM |
Date Public
2015-08-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:04.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-12716",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260"
},
{
"name": "FEDORA-2015-12699",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html"
},
{
"name": "76143",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76143"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249635"
},
{
"name": "[oss-security] 20150801 Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/01/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=c0687bcde23108dd42e146573c368b6905e6b8e8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-25T20:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "FEDORA-2015-12716",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260"
},
{
"name": "FEDORA-2015-12699",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html"
},
{
"name": "76143",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76143"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249635"
},
{
"name": "[oss-security] 20150801 Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/01/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=c0687bcde23108dd42e146573c368b6905e6b8e8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-5704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-12716",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260"
},
{
"name": "FEDORA-2015-12699",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html"
},
{
"name": "76143",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76143"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1249635",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249635"
},
{
"name": "[oss-security] 20150801 Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/01/7"
},
{
"name": "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=c0687bcde23108dd42e146573c368b6905e6b8e8",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=c0687bcde23108dd42e146573c368b6905e6b8e8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-5704",
"datePublished": "2017-09-25T21:00:00.000Z",
"dateReserved": "2015-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:59:04.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5705 (GCVE-0-2015-5705)
Vulnerability from nvd – Published: 2017-09-06 21:00 – Updated: 2024-08-06 06:59
VLAI
EPSS
VEX
Summary
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://anonscm.debian.org/cgit/collab-maint/devs… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=1249645 | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2015/08/01/7 | mailing-listx_refsource_MLIST |
Date Public
2015-07-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:04.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249645"
},
{
"name": "FEDORA-2015-12716",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260"
},
{
"name": "FEDORA-2015-12699",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html"
},
{
"name": "[oss-security] 20150801 Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/01/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-06T20:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249645"
},
{
"name": "FEDORA-2015-12716",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260"
},
{
"name": "FEDORA-2015-12699",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html"
},
{
"name": "[oss-security] 20150801 Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/01/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-5705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1249645",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249645"
},
{
"name": "FEDORA-2015-12716",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260"
},
{
"name": "FEDORA-2015-12699",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html"
},
{
"name": "[oss-security] 20150801 Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/01/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-5705",
"datePublished": "2017-09-06T21:00:00.000Z",
"dateReserved": "2015-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:59:04.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1833 (GCVE-0-2014-1833)
Vulnerability from nvd – Published: 2014-02-05 18:00 – Updated: 2024-08-06 09:50
VLAI
EPSS
VEX
Summary
Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2014/0… | mailing-listx_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=1059947 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/65260 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.openwall.com/lists/oss-security/2014/01/31/7 | mailing-listx_refsource_MLIST |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737160 | x_refsource_MISC |
| http://www.ubuntu.com/usn/USN-2649-1 | vendor-advisoryx_refsource_UBUNTU |
| http://osvdb.org/102748 | vdb-entryx_refsource_OSVDB |
Date Public
2014-01-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:50:11.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140131 Re: CVE request: uupdate (devscripts) directory traversal",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/31/11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059947"
},
{
"name": "65260",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65260"
},
{
"name": "devscripts-cve20141833-dir-trav(90842)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90842"
},
{
"name": "[oss-security] 20140131 CVE request: uupdate (devscripts) directory traversal",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/31/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737160"
},
{
"name": "USN-2649-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2649-1"
},
{
"name": "102748",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/102748"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-02T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140131 Re: CVE request: uupdate (devscripts) directory traversal",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/31/11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059947"
},
{
"name": "65260",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65260"
},
{
"name": "devscripts-cve20141833-dir-trav(90842)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90842"
},
{
"name": "[oss-security] 20140131 CVE request: uupdate (devscripts) directory traversal",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/31/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737160"
},
{
"name": "USN-2649-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2649-1"
},
{
"name": "102748",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/102748"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140131 Re: CVE request: uupdate (devscripts) directory traversal",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/31/11"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1059947",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059947"
},
{
"name": "65260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65260"
},
{
"name": "devscripts-cve20141833-dir-trav(90842)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90842"
},
{
"name": "[oss-security] 20140131 CVE request: uupdate (devscripts) directory traversal",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/31/7"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737160",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737160"
},
{
"name": "USN-2649-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2649-1"
},
{
"name": "102748",
"refsource": "OSVDB",
"url": "http://osvdb.org/102748"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1833",
"datePublished": "2014-02-05T18:00:00.000Z",
"dateReserved": "2014-01-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:50:11.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6888 (GCVE-0-2013-6888)
Vulnerability from nvd – Published: 2014-01-07 17:00 – Updated: 2024-08-06 17:53
VLAI
EPSS
VEX
Summary
Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/64656 | vdb-entryx_refsource_BID |
| http://marc.info/?l=oss-security&m=138900586911271&w=2 | mailing-listx_refsource_MLIST |
| http://www.ubuntu.com/usn/USN-2084-1 | vendor-advisoryx_refsource_UBUNTU |
| http://secunia.com/advisories/56579 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2014/dsa-2836 | vendor-advisoryx_refsource_DEBIAN |
| http://secunia.com/advisories/56192 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://anonscm.debian.org/gitweb/?p=collab-maint/… | x_refsource_CONFIRM |
Date Public
2014-01-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64656",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64656"
},
{
"name": "[oss-security] 20140106 [notification] CVE-2013-6888: uscan: remote code execution",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=138900586911271\u0026w=2"
},
{
"name": "USN-2084-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2084-1"
},
{
"name": "56579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56579"
},
{
"name": "DSA-2836",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2836"
},
{
"name": "56192",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56192"
},
{
"name": "debian-cve20136888-code-execution(90107)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90107"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=02c6850d973e3e1246fde72edab27f03d63acc52"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "64656",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64656"
},
{
"name": "[oss-security] 20140106 [notification] CVE-2013-6888: uscan: remote code execution",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=138900586911271\u0026w=2"
},
{
"name": "USN-2084-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2084-1"
},
{
"name": "56579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56579"
},
{
"name": "DSA-2836",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2836"
},
{
"name": "56192",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56192"
},
{
"name": "debian-cve20136888-code-execution(90107)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90107"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=02c6850d973e3e1246fde72edab27f03d63acc52"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64656"
},
{
"name": "[oss-security] 20140106 [notification] CVE-2013-6888: uscan: remote code execution",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=138900586911271\u0026w=2"
},
{
"name": "USN-2084-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2084-1"
},
{
"name": "56579",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56579"
},
{
"name": "DSA-2836",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2836"
},
{
"name": "56192",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56192"
},
{
"name": "debian-cve20136888-code-execution(90107)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90107"
},
{
"name": "http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=02c6850d973e3e1246fde72edab27f03d63acc52",
"refsource": "CONFIRM",
"url": "http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=02c6850d973e3e1246fde72edab27f03d63acc52"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6888",
"datePublished": "2014-01-07T17:00:00.000Z",
"dateReserved": "2013-11-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:53:45.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7085 (GCVE-0-2013-7085)
Vulnerability from nvd – Published: 2013-12-14 17:00 – Updated: 2024-08-06 17:53
VLAI
EPSS
VEX
Summary
Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2013/12/13/2 | mailing-listx_refsource_MLIST |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732006 | x_refsource_MISC |
| http://www.securityfocus.com/bid/64258 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2013/12/12/9 | mailing-listx_refsource_MLIST |
| http://osvdb.org/100917 | vdb-entryx_refsource_OSVDB |
Date Public
2013-12-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:46.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131212 Re: CVE Request: devscripts (uscan) broken handling of filenames with whitespace",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/13/2"
},
{
"name": "devscripts-uscan-file-deletion(89669)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89669"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732006"
},
{
"name": "64258",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64258"
},
{
"name": "[oss-security] 20131212 CVE Request: devscripts (uscan) broken handling of filenames with whitespace",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/12/9"
},
{
"name": "100917",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100917"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20131212 Re: CVE Request: devscripts (uscan) broken handling of filenames with whitespace",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/13/2"
},
{
"name": "devscripts-uscan-file-deletion(89669)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89669"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732006"
},
{
"name": "64258",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64258"
},
{
"name": "[oss-security] 20131212 CVE Request: devscripts (uscan) broken handling of filenames with whitespace",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/12/9"
},
{
"name": "100917",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100917"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131212 Re: CVE Request: devscripts (uscan) broken handling of filenames with whitespace",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/13/2"
},
{
"name": "devscripts-uscan-file-deletion(89669)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89669"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732006",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732006"
},
{
"name": "64258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64258"
},
{
"name": "[oss-security] 20131212 CVE Request: devscripts (uscan) broken handling of filenames with whitespace",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/12/9"
},
{
"name": "100917",
"refsource": "OSVDB",
"url": "http://osvdb.org/100917"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7085",
"datePublished": "2013-12-14T17:00:00.000Z",
"dateReserved": "2013-12-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:53:46.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7050 (GCVE-0-2013-7050)
Vulnerability from nvd – Published: 2013-12-13 18:00 – Updated: 2024-08-06 17:53
VLAI
EPSS
VEX
Summary
The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1040266 | x_refsource_CONFIRM |
| http://seclists.org/oss-sec/2013/q4/486 | mailing-listx_refsource_MLIST |
| http://osvdb.org/100855 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/64241 | vdb-entryx_refsource_BID |
| http://seclists.org/oss-sec/2013/q4/470 | mailing-listx_refsource_MLIST |
| http://anonscm.debian.org/gitweb/?p=collab-maint/… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731849 | x_refsource_CONFIRM |
Date Public
2013-12-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040266"
},
{
"name": "[oss-securit] 20131211 Re: CVE request: devscripts (uscan) command execution flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/486"
},
{
"name": "100855",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100855"
},
{
"name": "64241",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64241"
},
{
"name": "[oss-securit] 20131211 CVE request: devscripts (uscan) command execution flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/470"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=91f05b5"
},
{
"name": "devscripts-cve20137050-command-execution(89666)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89666"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731849"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040266"
},
{
"name": "[oss-securit] 20131211 Re: CVE request: devscripts (uscan) command execution flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/486"
},
{
"name": "100855",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100855"
},
{
"name": "64241",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64241"
},
{
"name": "[oss-securit] 20131211 CVE request: devscripts (uscan) command execution flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/470"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=91f05b5"
},
{
"name": "devscripts-cve20137050-command-execution(89666)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89666"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731849"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1040266",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040266"
},
{
"name": "[oss-securit] 20131211 Re: CVE request: devscripts (uscan) command execution flaw",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/486"
},
{
"name": "100855",
"refsource": "OSVDB",
"url": "http://osvdb.org/100855"
},
{
"name": "64241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64241"
},
{
"name": "[oss-securit] 20131211 CVE request: devscripts (uscan) command execution flaw",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/470"
},
{
"name": "http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=91f05b5",
"refsource": "CONFIRM",
"url": "http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=91f05b5"
},
{
"name": "devscripts-cve20137050-command-execution(89666)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89666"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731849",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731849"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7050",
"datePublished": "2013-12-13T18:00:00.000Z",
"dateReserved": "2013-12-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:53:45.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3500 (GCVE-0-2012-3500)
Vulnerability from nvd – Published: 2012-10-01 00:00 – Updated: 2024-08-06 20:05
VLAI
EPSS
VEX
Summary
scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2012-08-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commit%3Bh=4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0"
},
{
"name": "MDVSA-2013:123",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:123"
},
{
"name": "rpmdevtools-toctou-symlink(78230)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78230"
},
{
"name": "55358",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55358"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0316"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848022"
},
{
"name": "FEDORA-2012-13208",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087335.html"
},
{
"name": "DSA-2549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2549"
},
{
"name": "FEDORA-2012-13263",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086159.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.fedorahosted.org/cgit/rpmdevtools.git/commit/?id=90b4400c2ab2e80cecfd8dfdf031536376ed2cdb"
},
{
"name": "50600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50600"
},
{
"name": "FEDORA-2012-13234",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086138.html"
},
{
"name": "USN-1593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1593-1"
},
{
"name": "[oss-security] 20120831 [Notification] CVE-2012-3500 - rpmdevtools, devscripts: TOCTOU race condition in annotate-output",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/31/7"
},
{
"name": "openSUSE-SU-2012:1437",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commit%3Bh=4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0"
},
{
"name": "MDVSA-2013:123",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:123"
},
{
"name": "rpmdevtools-toctou-symlink(78230)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78230"
},
{
"name": "55358",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55358"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0316"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848022"
},
{
"name": "FEDORA-2012-13208",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087335.html"
},
{
"name": "DSA-2549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2549"
},
{
"name": "FEDORA-2012-13263",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086159.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.fedorahosted.org/cgit/rpmdevtools.git/commit/?id=90b4400c2ab2e80cecfd8dfdf031536376ed2cdb"
},
{
"name": "50600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50600"
},
{
"name": "FEDORA-2012-13234",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086138.html"
},
{
"name": "USN-1593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1593-1"
},
{
"name": "[oss-security] 20120831 [Notification] CVE-2012-3500 - rpmdevtools, devscripts: TOCTOU race condition in annotate-output",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/31/7"
},
{
"name": "openSUSE-SU-2012:1437",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00000.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3500",
"datePublished": "2012-10-01T00:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:05:12.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2242 (GCVE-0-2012-2242)
Vulnerability from nvd – Published: 2012-10-01 00:00 – Updated: 2024-08-06 19:26
VLAI
EPSS
VEX
Summary
scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/55564 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2012/dsa-2549 | vendor-advisoryx_refsource_DEBIAN |
| http://secunia.com/advisories/50600 | third-party-advisoryx_refsource_SECUNIA |
| http://www.ubuntu.com/usn/USN-1593-1 | vendor-advisoryx_refsource_UBUNTU |
Date Public
2012-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55564",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55564"
},
{
"name": "DSA-2549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2549"
},
{
"name": "50600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50600"
},
{
"name": "USN-1593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1593-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to \"arguments to external commands\" that are not properly escaped, a different vulnerability than CVE-2012-2240."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "55564",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55564"
},
{
"name": "DSA-2549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2549"
},
{
"name": "50600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50600"
},
{
"name": "USN-1593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1593-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-2242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to \"arguments to external commands\" that are not properly escaped, a different vulnerability than CVE-2012-2240."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55564",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55564"
},
{
"name": "DSA-2549",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2549"
},
{
"name": "50600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50600"
},
{
"name": "USN-1593-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1593-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-2242",
"datePublished": "2012-10-01T00:00:00.000Z",
"dateReserved": "2012-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:09.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2241 (GCVE-0-2012-2241)
Vulnerability from nvd – Published: 2012-10-01 00:00 – Updated: 2024-08-06 19:26
VLAI
EPSS
VEX
Summary
scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/55564 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2012/dsa-2549 | vendor-advisoryx_refsource_DEBIAN |
| http://secunia.com/advisories/50600 | third-party-advisoryx_refsource_SECUNIA |
| http://anonscm.debian.org/gitweb/?p=devscripts/de… | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-1593-1 | vendor-advisoryx_refsource_UBUNTU |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2012-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55564",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55564"
},
{
"name": "DSA-2549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2549"
},
{
"name": "50600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50600"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=0fd15bdec07b085f9ef438dacd18e159ac60b810"
},
{
"name": "USN-1593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1593-1"
},
{
"name": "devscripts-file-deletion(78977)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "55564",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55564"
},
{
"name": "DSA-2549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2549"
},
{
"name": "50600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50600"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=0fd15bdec07b085f9ef438dacd18e159ac60b810"
},
{
"name": "USN-1593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1593-1"
},
{
"name": "devscripts-file-deletion(78977)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78977"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-2241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55564",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55564"
},
{
"name": "DSA-2549",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2549"
},
{
"name": "50600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50600"
},
{
"name": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=0fd15bdec07b085f9ef438dacd18e159ac60b810",
"refsource": "CONFIRM",
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=0fd15bdec07b085f9ef438dacd18e159ac60b810"
},
{
"name": "USN-1593-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1593-1"
},
{
"name": "devscripts-file-deletion(78977)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78977"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-2241",
"datePublished": "2012-10-01T00:00:00.000Z",
"dateReserved": "2012-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:08.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2240 (GCVE-0-2012-2240)
Vulnerability from nvd – Published: 2012-10-01 00:00 – Updated: 2024-08-06 19:26
VLAI
EPSS
VEX
Summary
scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/55564 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2012/dsa-2549 | vendor-advisoryx_refsource_DEBIAN |
| http://secunia.com/advisories/50600 | third-party-advisoryx_refsource_SECUNIA |
| http://www.ubuntu.com/usn/USN-1593-1 | vendor-advisoryx_refsource_UBUNTU |
Date Public
2012-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55564",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55564"
},
{
"name": "DSA-2549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2549"
},
{
"name": "50600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50600"
},
{
"name": "USN-1593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1593-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to \"arguments to external commands.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "55564",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55564"
},
{
"name": "DSA-2549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2549"
},
{
"name": "50600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50600"
},
{
"name": "USN-1593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1593-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-2240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to \"arguments to external commands.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55564",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55564"
},
{
"name": "DSA-2549",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2549"
},
{
"name": "50600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50600"
},
{
"name": "USN-1593-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1593-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-2240",
"datePublished": "2012-10-01T00:00:00.000Z",
"dateReserved": "2012-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:09.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0212 (GCVE-0-2012-0212)
Vulnerability from nvd – Published: 2012-06-16 00:00 – Updated: 2024-08-06 18:16
VLAI
EPSS
VEX
Summary
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://anonscm.debian.org/gitweb/?p=devscripts/de… | x_refsource_CONFIRM |
| http://secunia.com/advisories/47955 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/48039 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/52029 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/79322 | vdb-entryx_refsource_OSVDB |
| http://ubuntu.com/usn/usn-1366-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.ubuntu.com/usn/USN-1593-1 | vendor-advisoryx_refsource_UBUNTU |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.debian.org/security/2012/dsa-2409 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2012-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:19.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=9cbe605d3eab4f9e67525f69b676c55b273b7a03"
},
{
"name": "47955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47955"
},
{
"name": "48039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48039"
},
{
"name": "52029",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52029"
},
{
"name": "79322",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/79322"
},
{
"name": "USN-1366-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1366-1"
},
{
"name": "USN-1593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1593-1"
},
{
"name": "devscripts-debdiff-code-execution(73217)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73217"
},
{
"name": "DSA-2409",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2409"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=9cbe605d3eab4f9e67525f69b676c55b273b7a03"
},
{
"name": "47955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47955"
},
{
"name": "48039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48039"
},
{
"name": "52029",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52029"
},
{
"name": "79322",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/79322"
},
{
"name": "USN-1366-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1366-1"
},
{
"name": "USN-1593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1593-1"
},
{
"name": "devscripts-debdiff-code-execution(73217)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73217"
},
{
"name": "DSA-2409",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2409"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-0212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=9cbe605d3eab4f9e67525f69b676c55b273b7a03",
"refsource": "CONFIRM",
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=9cbe605d3eab4f9e67525f69b676c55b273b7a03"
},
{
"name": "47955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47955"
},
{
"name": "48039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48039"
},
{
"name": "52029",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52029"
},
{
"name": "79322",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/79322"
},
{
"name": "USN-1366-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1366-1"
},
{
"name": "USN-1593-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1593-1"
},
{
"name": "devscripts-debdiff-code-execution(73217)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73217"
},
{
"name": "DSA-2409",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2409"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-0212",
"datePublished": "2012-06-16T00:00:00.000Z",
"dateReserved": "2011-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:16:19.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0211 (GCVE-0-2012-0211)
Vulnerability from nvd – Published: 2012-06-16 00:00 – Updated: 2024-08-06 18:16
VLAI
EPSS
VEX
Summary
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://anonscm.debian.org/gitweb/?p=devscripts/de… | x_refsource_CONFIRM |
| http://secunia.com/advisories/47955 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/48039 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/52029 | vdb-entryx_refsource_BID |
| http://ubuntu.com/usn/usn-1366-1 | vendor-advisoryx_refsource_UBUNTU |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/79320 | vdb-entryx_refsource_OSVDB |
| http://anonscm.debian.org/gitweb/?p=devscripts/de… | x_refsource_CONFIRM |
| http://www.debian.org/security/2012/dsa-2409 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2012-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:19.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=9cbe605d3eab4f9e67525f69b676c55b273b7a03"
},
{
"name": "47955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47955"
},
{
"name": "48039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48039"
},
{
"name": "52029",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52029"
},
{
"name": "USN-1366-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1366-1"
},
{
"name": "devscripts-commands-code-execution(73216)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73216"
},
{
"name": "79320",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/79320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=87f88232eb643f0c118c6ba38db8e966915b450f"
},
{
"name": "DSA-2409",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2409"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=9cbe605d3eab4f9e67525f69b676c55b273b7a03"
},
{
"name": "47955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47955"
},
{
"name": "48039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48039"
},
{
"name": "52029",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52029"
},
{
"name": "USN-1366-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1366-1"
},
{
"name": "devscripts-commands-code-execution(73216)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73216"
},
{
"name": "79320",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/79320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=87f88232eb643f0c118c6ba38db8e966915b450f"
},
{
"name": "DSA-2409",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2409"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-0211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=9cbe605d3eab4f9e67525f69b676c55b273b7a03",
"refsource": "CONFIRM",
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=9cbe605d3eab4f9e67525f69b676c55b273b7a03"
},
{
"name": "47955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47955"
},
{
"name": "48039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48039"
},
{
"name": "52029",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52029"
},
{
"name": "USN-1366-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1366-1"
},
{
"name": "devscripts-commands-code-execution(73216)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73216"
},
{
"name": "79320",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/79320"
},
{
"name": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f",
"refsource": "CONFIRM",
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f"
},
{
"name": "DSA-2409",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2409"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-0211",
"datePublished": "2012-06-16T00:00:00.000Z",
"dateReserved": "2011-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:16:19.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0210 (GCVE-0-2012-0210)
Vulnerability from nvd – Published: 2012-06-16 00:00 – Updated: 2024-08-06 18:16
VLAI
EPSS
VEX
Summary
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/47955 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/48039 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/52029 | vdb-entryx_refsource_BID |
| http://anonscm.debian.org/gitweb/?p=devscripts/de… | x_refsource_CONFIRM |
| http://ubuntu.com/usn/usn-1366-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.osvdb.org/79319 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.debian.org/security/2012/dsa-2409 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2012-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:20.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47955"
},
{
"name": "48039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48039"
},
{
"name": "52029",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52029"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=797ddc961532eb0aeb46153e3f28c8e9ea0500d2"
},
{
"name": "USN-1366-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1366-1"
},
{
"name": "79319",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/79319"
},
{
"name": "devscripts-dsc-code-execution(73215)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73215"
},
{
"name": "DSA-2409",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2409"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "47955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47955"
},
{
"name": "48039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48039"
},
{
"name": "52029",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52029"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=797ddc961532eb0aeb46153e3f28c8e9ea0500d2"
},
{
"name": "USN-1366-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1366-1"
},
{
"name": "79319",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/79319"
},
{
"name": "devscripts-dsc-code-execution(73215)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73215"
},
{
"name": "DSA-2409",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2409"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-0210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47955"
},
{
"name": "48039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48039"
},
{
"name": "52029",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52029"
},
{
"name": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=797ddc961532eb0aeb46153e3f28c8e9ea0500d2",
"refsource": "CONFIRM",
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=797ddc961532eb0aeb46153e3f28c8e9ea0500d2"
},
{
"name": "USN-1366-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1366-1"
},
{
"name": "79319",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/79319"
},
{
"name": "devscripts-dsc-code-execution(73215)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73215"
},
{
"name": "DSA-2409",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2409"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-0210",
"datePublished": "2012-06-16T00:00:00.000Z",
"dateReserved": "2011-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:16:20.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2946 (GCVE-0-2009-2946)
Vulnerability from nvd – Published: 2009-09-04 20:00 – Updated: 2024-09-16 16:38
VLAI
EPSS
VEX
Summary
Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://svn.debian.org/wsvn/devscripts/trunk/scrip… | x_refsource_CONFIRM |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515209 | x_refsource_CONFIRM |
| http://svn.debian.org/wsvn/devscripts/trunk/scrip… | x_refsource_CONFIRM |
| http://www.debian.org/security/2009/dsa-1878 | vendor-advisoryx_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:37.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=diff\u0026rev=1984\u0026sc=1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515209"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=log\u0026rev=0\u0026sc=1\u0026isdir=0"
},
{
"name": "DSA-1878",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1878"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-09-04T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=diff\u0026rev=1984\u0026sc=1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515209"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=log\u0026rev=0\u0026sc=1\u0026isdir=0"
},
{
"name": "DSA-1878",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1878"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=diff\u0026rev=1984\u0026sc=1",
"refsource": "CONFIRM",
"url": "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=diff\u0026rev=1984\u0026sc=1"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515209",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515209"
},
{
"name": "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=log\u0026rev=0\u0026sc=1\u0026isdir=0",
"refsource": "CONFIRM",
"url": "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=log\u0026rev=0\u0026sc=1\u0026isdir=0"
},
{
"name": "DSA-1878",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1878"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2946",
"datePublished": "2009-09-04T20:00:00.000Z",
"dateReserved": "2009-08-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:38:05.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5704 (GCVE-0-2015-5704)
Vulnerability from cvelistv5 – Published: 2017-09-25 21:00 – Updated: 2024-08-06 06:59
VLAI
EPSS
VEX
Summary
scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/bid/76143 | vdb-entryx_refsource_BID |
| https://bugzilla.redhat.com/show_bug.cgi?id=1249635 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2015/08/01/7 | mailing-listx_refsource_MLIST |
| https://anonscm.debian.org/cgit/collab-maint/devs… | x_refsource_CONFIRM |
Date Public
2015-08-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:04.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-12716",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260"
},
{
"name": "FEDORA-2015-12699",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html"
},
{
"name": "76143",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76143"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249635"
},
{
"name": "[oss-security] 20150801 Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/01/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=c0687bcde23108dd42e146573c368b6905e6b8e8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-25T20:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "FEDORA-2015-12716",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260"
},
{
"name": "FEDORA-2015-12699",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html"
},
{
"name": "76143",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76143"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249635"
},
{
"name": "[oss-security] 20150801 Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/01/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=c0687bcde23108dd42e146573c368b6905e6b8e8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-5704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-12716",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260"
},
{
"name": "FEDORA-2015-12699",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html"
},
{
"name": "76143",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76143"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1249635",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249635"
},
{
"name": "[oss-security] 20150801 Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/01/7"
},
{
"name": "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=c0687bcde23108dd42e146573c368b6905e6b8e8",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=c0687bcde23108dd42e146573c368b6905e6b8e8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-5704",
"datePublished": "2017-09-25T21:00:00.000Z",
"dateReserved": "2015-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:59:04.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5705 (GCVE-0-2015-5705)
Vulnerability from cvelistv5 – Published: 2017-09-06 21:00 – Updated: 2024-08-06 06:59
VLAI
EPSS
VEX
Summary
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://anonscm.debian.org/cgit/collab-maint/devs… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=1249645 | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2015/08/01/7 | mailing-listx_refsource_MLIST |
Date Public
2015-07-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:04.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249645"
},
{
"name": "FEDORA-2015-12716",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260"
},
{
"name": "FEDORA-2015-12699",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html"
},
{
"name": "[oss-security] 20150801 Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/01/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-06T20:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249645"
},
{
"name": "FEDORA-2015-12716",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260"
},
{
"name": "FEDORA-2015-12699",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html"
},
{
"name": "[oss-security] 20150801 Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/01/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-5705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1249645",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249645"
},
{
"name": "FEDORA-2015-12716",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260"
},
{
"name": "FEDORA-2015-12699",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html"
},
{
"name": "[oss-security] 20150801 Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/01/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-5705",
"datePublished": "2017-09-06T21:00:00.000Z",
"dateReserved": "2015-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:59:04.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1833 (GCVE-0-2014-1833)
Vulnerability from cvelistv5 – Published: 2014-02-05 18:00 – Updated: 2024-08-06 09:50
VLAI
EPSS
VEX
Summary
Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2014/0… | mailing-listx_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=1059947 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/65260 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.openwall.com/lists/oss-security/2014/01/31/7 | mailing-listx_refsource_MLIST |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737160 | x_refsource_MISC |
| http://www.ubuntu.com/usn/USN-2649-1 | vendor-advisoryx_refsource_UBUNTU |
| http://osvdb.org/102748 | vdb-entryx_refsource_OSVDB |
Date Public
2014-01-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:50:11.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140131 Re: CVE request: uupdate (devscripts) directory traversal",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/31/11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059947"
},
{
"name": "65260",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65260"
},
{
"name": "devscripts-cve20141833-dir-trav(90842)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90842"
},
{
"name": "[oss-security] 20140131 CVE request: uupdate (devscripts) directory traversal",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/31/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737160"
},
{
"name": "USN-2649-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2649-1"
},
{
"name": "102748",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/102748"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-02T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140131 Re: CVE request: uupdate (devscripts) directory traversal",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/31/11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059947"
},
{
"name": "65260",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65260"
},
{
"name": "devscripts-cve20141833-dir-trav(90842)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90842"
},
{
"name": "[oss-security] 20140131 CVE request: uupdate (devscripts) directory traversal",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/31/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737160"
},
{
"name": "USN-2649-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2649-1"
},
{
"name": "102748",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/102748"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140131 Re: CVE request: uupdate (devscripts) directory traversal",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/31/11"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1059947",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059947"
},
{
"name": "65260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65260"
},
{
"name": "devscripts-cve20141833-dir-trav(90842)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90842"
},
{
"name": "[oss-security] 20140131 CVE request: uupdate (devscripts) directory traversal",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/31/7"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737160",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737160"
},
{
"name": "USN-2649-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2649-1"
},
{
"name": "102748",
"refsource": "OSVDB",
"url": "http://osvdb.org/102748"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1833",
"datePublished": "2014-02-05T18:00:00.000Z",
"dateReserved": "2014-01-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:50:11.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6888 (GCVE-0-2013-6888)
Vulnerability from cvelistv5 – Published: 2014-01-07 17:00 – Updated: 2024-08-06 17:53
VLAI
EPSS
VEX
Summary
Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/64656 | vdb-entryx_refsource_BID |
| http://marc.info/?l=oss-security&m=138900586911271&w=2 | mailing-listx_refsource_MLIST |
| http://www.ubuntu.com/usn/USN-2084-1 | vendor-advisoryx_refsource_UBUNTU |
| http://secunia.com/advisories/56579 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2014/dsa-2836 | vendor-advisoryx_refsource_DEBIAN |
| http://secunia.com/advisories/56192 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://anonscm.debian.org/gitweb/?p=collab-maint/… | x_refsource_CONFIRM |
Date Public
2014-01-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64656",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64656"
},
{
"name": "[oss-security] 20140106 [notification] CVE-2013-6888: uscan: remote code execution",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=138900586911271\u0026w=2"
},
{
"name": "USN-2084-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2084-1"
},
{
"name": "56579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56579"
},
{
"name": "DSA-2836",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2836"
},
{
"name": "56192",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56192"
},
{
"name": "debian-cve20136888-code-execution(90107)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90107"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=02c6850d973e3e1246fde72edab27f03d63acc52"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "64656",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64656"
},
{
"name": "[oss-security] 20140106 [notification] CVE-2013-6888: uscan: remote code execution",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=138900586911271\u0026w=2"
},
{
"name": "USN-2084-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2084-1"
},
{
"name": "56579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56579"
},
{
"name": "DSA-2836",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2836"
},
{
"name": "56192",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56192"
},
{
"name": "debian-cve20136888-code-execution(90107)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90107"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=02c6850d973e3e1246fde72edab27f03d63acc52"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64656"
},
{
"name": "[oss-security] 20140106 [notification] CVE-2013-6888: uscan: remote code execution",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=138900586911271\u0026w=2"
},
{
"name": "USN-2084-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2084-1"
},
{
"name": "56579",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56579"
},
{
"name": "DSA-2836",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2836"
},
{
"name": "56192",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56192"
},
{
"name": "debian-cve20136888-code-execution(90107)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90107"
},
{
"name": "http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=02c6850d973e3e1246fde72edab27f03d63acc52",
"refsource": "CONFIRM",
"url": "http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=02c6850d973e3e1246fde72edab27f03d63acc52"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6888",
"datePublished": "2014-01-07T17:00:00.000Z",
"dateReserved": "2013-11-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:53:45.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7085 (GCVE-0-2013-7085)
Vulnerability from cvelistv5 – Published: 2013-12-14 17:00 – Updated: 2024-08-06 17:53
VLAI
EPSS
VEX
Summary
Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2013/12/13/2 | mailing-listx_refsource_MLIST |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732006 | x_refsource_MISC |
| http://www.securityfocus.com/bid/64258 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2013/12/12/9 | mailing-listx_refsource_MLIST |
| http://osvdb.org/100917 | vdb-entryx_refsource_OSVDB |
Date Public
2013-12-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:46.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131212 Re: CVE Request: devscripts (uscan) broken handling of filenames with whitespace",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/13/2"
},
{
"name": "devscripts-uscan-file-deletion(89669)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89669"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732006"
},
{
"name": "64258",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64258"
},
{
"name": "[oss-security] 20131212 CVE Request: devscripts (uscan) broken handling of filenames with whitespace",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/12/9"
},
{
"name": "100917",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100917"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20131212 Re: CVE Request: devscripts (uscan) broken handling of filenames with whitespace",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/13/2"
},
{
"name": "devscripts-uscan-file-deletion(89669)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89669"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732006"
},
{
"name": "64258",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64258"
},
{
"name": "[oss-security] 20131212 CVE Request: devscripts (uscan) broken handling of filenames with whitespace",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/12/9"
},
{
"name": "100917",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100917"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131212 Re: CVE Request: devscripts (uscan) broken handling of filenames with whitespace",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/13/2"
},
{
"name": "devscripts-uscan-file-deletion(89669)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89669"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732006",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732006"
},
{
"name": "64258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64258"
},
{
"name": "[oss-security] 20131212 CVE Request: devscripts (uscan) broken handling of filenames with whitespace",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/12/9"
},
{
"name": "100917",
"refsource": "OSVDB",
"url": "http://osvdb.org/100917"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7085",
"datePublished": "2013-12-14T17:00:00.000Z",
"dateReserved": "2013-12-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:53:46.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7050 (GCVE-0-2013-7050)
Vulnerability from cvelistv5 – Published: 2013-12-13 18:00 – Updated: 2024-08-06 17:53
VLAI
EPSS
VEX
Summary
The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1040266 | x_refsource_CONFIRM |
| http://seclists.org/oss-sec/2013/q4/486 | mailing-listx_refsource_MLIST |
| http://osvdb.org/100855 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/64241 | vdb-entryx_refsource_BID |
| http://seclists.org/oss-sec/2013/q4/470 | mailing-listx_refsource_MLIST |
| http://anonscm.debian.org/gitweb/?p=collab-maint/… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731849 | x_refsource_CONFIRM |
Date Public
2013-12-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040266"
},
{
"name": "[oss-securit] 20131211 Re: CVE request: devscripts (uscan) command execution flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/486"
},
{
"name": "100855",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100855"
},
{
"name": "64241",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64241"
},
{
"name": "[oss-securit] 20131211 CVE request: devscripts (uscan) command execution flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/470"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=91f05b5"
},
{
"name": "devscripts-cve20137050-command-execution(89666)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89666"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731849"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040266"
},
{
"name": "[oss-securit] 20131211 Re: CVE request: devscripts (uscan) command execution flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/486"
},
{
"name": "100855",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100855"
},
{
"name": "64241",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64241"
},
{
"name": "[oss-securit] 20131211 CVE request: devscripts (uscan) command execution flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/470"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=91f05b5"
},
{
"name": "devscripts-cve20137050-command-execution(89666)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89666"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731849"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1040266",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1040266"
},
{
"name": "[oss-securit] 20131211 Re: CVE request: devscripts (uscan) command execution flaw",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/486"
},
{
"name": "100855",
"refsource": "OSVDB",
"url": "http://osvdb.org/100855"
},
{
"name": "64241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64241"
},
{
"name": "[oss-securit] 20131211 CVE request: devscripts (uscan) command execution flaw",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/470"
},
{
"name": "http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=91f05b5",
"refsource": "CONFIRM",
"url": "http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=91f05b5"
},
{
"name": "devscripts-cve20137050-command-execution(89666)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89666"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731849",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731849"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7050",
"datePublished": "2013-12-13T18:00:00.000Z",
"dateReserved": "2013-12-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:53:45.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2242 (GCVE-0-2012-2242)
Vulnerability from cvelistv5 – Published: 2012-10-01 00:00 – Updated: 2024-08-06 19:26
VLAI
EPSS
VEX
Summary
scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/55564 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2012/dsa-2549 | vendor-advisoryx_refsource_DEBIAN |
| http://secunia.com/advisories/50600 | third-party-advisoryx_refsource_SECUNIA |
| http://www.ubuntu.com/usn/USN-1593-1 | vendor-advisoryx_refsource_UBUNTU |
Date Public
2012-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55564",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55564"
},
{
"name": "DSA-2549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2549"
},
{
"name": "50600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50600"
},
{
"name": "USN-1593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1593-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to \"arguments to external commands\" that are not properly escaped, a different vulnerability than CVE-2012-2240."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "55564",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55564"
},
{
"name": "DSA-2549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2549"
},
{
"name": "50600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50600"
},
{
"name": "USN-1593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1593-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-2242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to \"arguments to external commands\" that are not properly escaped, a different vulnerability than CVE-2012-2240."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55564",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55564"
},
{
"name": "DSA-2549",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2549"
},
{
"name": "50600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50600"
},
{
"name": "USN-1593-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1593-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-2242",
"datePublished": "2012-10-01T00:00:00.000Z",
"dateReserved": "2012-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:09.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2240 (GCVE-0-2012-2240)
Vulnerability from cvelistv5 – Published: 2012-10-01 00:00 – Updated: 2024-08-06 19:26
VLAI
EPSS
VEX
Summary
scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/55564 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2012/dsa-2549 | vendor-advisoryx_refsource_DEBIAN |
| http://secunia.com/advisories/50600 | third-party-advisoryx_refsource_SECUNIA |
| http://www.ubuntu.com/usn/USN-1593-1 | vendor-advisoryx_refsource_UBUNTU |
Date Public
2012-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55564",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55564"
},
{
"name": "DSA-2549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2549"
},
{
"name": "50600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50600"
},
{
"name": "USN-1593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1593-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to \"arguments to external commands.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "55564",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55564"
},
{
"name": "DSA-2549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2549"
},
{
"name": "50600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50600"
},
{
"name": "USN-1593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1593-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-2240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to \"arguments to external commands.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55564",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55564"
},
{
"name": "DSA-2549",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2549"
},
{
"name": "50600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50600"
},
{
"name": "USN-1593-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1593-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-2240",
"datePublished": "2012-10-01T00:00:00.000Z",
"dateReserved": "2012-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:09.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3500 (GCVE-0-2012-3500)
Vulnerability from cvelistv5 – Published: 2012-10-01 00:00 – Updated: 2024-08-06 20:05
VLAI
EPSS
VEX
Summary
scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2012-08-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commit%3Bh=4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0"
},
{
"name": "MDVSA-2013:123",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:123"
},
{
"name": "rpmdevtools-toctou-symlink(78230)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78230"
},
{
"name": "55358",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55358"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0316"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848022"
},
{
"name": "FEDORA-2012-13208",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087335.html"
},
{
"name": "DSA-2549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2549"
},
{
"name": "FEDORA-2012-13263",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086159.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.fedorahosted.org/cgit/rpmdevtools.git/commit/?id=90b4400c2ab2e80cecfd8dfdf031536376ed2cdb"
},
{
"name": "50600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50600"
},
{
"name": "FEDORA-2012-13234",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086138.html"
},
{
"name": "USN-1593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1593-1"
},
{
"name": "[oss-security] 20120831 [Notification] CVE-2012-3500 - rpmdevtools, devscripts: TOCTOU race condition in annotate-output",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/31/7"
},
{
"name": "openSUSE-SU-2012:1437",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commit%3Bh=4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0"
},
{
"name": "MDVSA-2013:123",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:123"
},
{
"name": "rpmdevtools-toctou-symlink(78230)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78230"
},
{
"name": "55358",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55358"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0316"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848022"
},
{
"name": "FEDORA-2012-13208",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087335.html"
},
{
"name": "DSA-2549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2549"
},
{
"name": "FEDORA-2012-13263",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086159.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.fedorahosted.org/cgit/rpmdevtools.git/commit/?id=90b4400c2ab2e80cecfd8dfdf031536376ed2cdb"
},
{
"name": "50600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50600"
},
{
"name": "FEDORA-2012-13234",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086138.html"
},
{
"name": "USN-1593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1593-1"
},
{
"name": "[oss-security] 20120831 [Notification] CVE-2012-3500 - rpmdevtools, devscripts: TOCTOU race condition in annotate-output",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/31/7"
},
{
"name": "openSUSE-SU-2012:1437",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00000.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3500",
"datePublished": "2012-10-01T00:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:05:12.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2241 (GCVE-0-2012-2241)
Vulnerability from cvelistv5 – Published: 2012-10-01 00:00 – Updated: 2024-08-06 19:26
VLAI
EPSS
VEX
Summary
scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/55564 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2012/dsa-2549 | vendor-advisoryx_refsource_DEBIAN |
| http://secunia.com/advisories/50600 | third-party-advisoryx_refsource_SECUNIA |
| http://anonscm.debian.org/gitweb/?p=devscripts/de… | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-1593-1 | vendor-advisoryx_refsource_UBUNTU |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2012-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55564",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55564"
},
{
"name": "DSA-2549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2549"
},
{
"name": "50600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50600"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=0fd15bdec07b085f9ef438dacd18e159ac60b810"
},
{
"name": "USN-1593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1593-1"
},
{
"name": "devscripts-file-deletion(78977)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "55564",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55564"
},
{
"name": "DSA-2549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2549"
},
{
"name": "50600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50600"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=0fd15bdec07b085f9ef438dacd18e159ac60b810"
},
{
"name": "USN-1593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1593-1"
},
{
"name": "devscripts-file-deletion(78977)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78977"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-2241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55564",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55564"
},
{
"name": "DSA-2549",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2549"
},
{
"name": "50600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50600"
},
{
"name": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=0fd15bdec07b085f9ef438dacd18e159ac60b810",
"refsource": "CONFIRM",
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=0fd15bdec07b085f9ef438dacd18e159ac60b810"
},
{
"name": "USN-1593-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1593-1"
},
{
"name": "devscripts-file-deletion(78977)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78977"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-2241",
"datePublished": "2012-10-01T00:00:00.000Z",
"dateReserved": "2012-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:08.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0210 (GCVE-0-2012-0210)
Vulnerability from cvelistv5 – Published: 2012-06-16 00:00 – Updated: 2024-08-06 18:16
VLAI
EPSS
VEX
Summary
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/47955 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/48039 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/52029 | vdb-entryx_refsource_BID |
| http://anonscm.debian.org/gitweb/?p=devscripts/de… | x_refsource_CONFIRM |
| http://ubuntu.com/usn/usn-1366-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.osvdb.org/79319 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.debian.org/security/2012/dsa-2409 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2012-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:20.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47955"
},
{
"name": "48039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48039"
},
{
"name": "52029",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52029"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=797ddc961532eb0aeb46153e3f28c8e9ea0500d2"
},
{
"name": "USN-1366-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1366-1"
},
{
"name": "79319",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/79319"
},
{
"name": "devscripts-dsc-code-execution(73215)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73215"
},
{
"name": "DSA-2409",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2409"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "47955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47955"
},
{
"name": "48039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48039"
},
{
"name": "52029",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52029"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=797ddc961532eb0aeb46153e3f28c8e9ea0500d2"
},
{
"name": "USN-1366-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1366-1"
},
{
"name": "79319",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/79319"
},
{
"name": "devscripts-dsc-code-execution(73215)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73215"
},
{
"name": "DSA-2409",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2409"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-0210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47955"
},
{
"name": "48039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48039"
},
{
"name": "52029",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52029"
},
{
"name": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=797ddc961532eb0aeb46153e3f28c8e9ea0500d2",
"refsource": "CONFIRM",
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=797ddc961532eb0aeb46153e3f28c8e9ea0500d2"
},
{
"name": "USN-1366-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1366-1"
},
{
"name": "79319",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/79319"
},
{
"name": "devscripts-dsc-code-execution(73215)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73215"
},
{
"name": "DSA-2409",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2409"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-0210",
"datePublished": "2012-06-16T00:00:00.000Z",
"dateReserved": "2011-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:16:20.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0212 (GCVE-0-2012-0212)
Vulnerability from cvelistv5 – Published: 2012-06-16 00:00 – Updated: 2024-08-06 18:16
VLAI
EPSS
VEX
Summary
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://anonscm.debian.org/gitweb/?p=devscripts/de… | x_refsource_CONFIRM |
| http://secunia.com/advisories/47955 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/48039 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/52029 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/79322 | vdb-entryx_refsource_OSVDB |
| http://ubuntu.com/usn/usn-1366-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.ubuntu.com/usn/USN-1593-1 | vendor-advisoryx_refsource_UBUNTU |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.debian.org/security/2012/dsa-2409 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2012-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:19.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=9cbe605d3eab4f9e67525f69b676c55b273b7a03"
},
{
"name": "47955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47955"
},
{
"name": "48039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48039"
},
{
"name": "52029",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52029"
},
{
"name": "79322",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/79322"
},
{
"name": "USN-1366-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1366-1"
},
{
"name": "USN-1593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1593-1"
},
{
"name": "devscripts-debdiff-code-execution(73217)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73217"
},
{
"name": "DSA-2409",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2409"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=9cbe605d3eab4f9e67525f69b676c55b273b7a03"
},
{
"name": "47955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47955"
},
{
"name": "48039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48039"
},
{
"name": "52029",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52029"
},
{
"name": "79322",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/79322"
},
{
"name": "USN-1366-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1366-1"
},
{
"name": "USN-1593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1593-1"
},
{
"name": "devscripts-debdiff-code-execution(73217)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73217"
},
{
"name": "DSA-2409",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2409"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-0212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=9cbe605d3eab4f9e67525f69b676c55b273b7a03",
"refsource": "CONFIRM",
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=9cbe605d3eab4f9e67525f69b676c55b273b7a03"
},
{
"name": "47955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47955"
},
{
"name": "48039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48039"
},
{
"name": "52029",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52029"
},
{
"name": "79322",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/79322"
},
{
"name": "USN-1366-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1366-1"
},
{
"name": "USN-1593-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1593-1"
},
{
"name": "devscripts-debdiff-code-execution(73217)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73217"
},
{
"name": "DSA-2409",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2409"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-0212",
"datePublished": "2012-06-16T00:00:00.000Z",
"dateReserved": "2011-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:16:19.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0211 (GCVE-0-2012-0211)
Vulnerability from cvelistv5 – Published: 2012-06-16 00:00 – Updated: 2024-08-06 18:16
VLAI
EPSS
VEX
Summary
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://anonscm.debian.org/gitweb/?p=devscripts/de… | x_refsource_CONFIRM |
| http://secunia.com/advisories/47955 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/48039 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/52029 | vdb-entryx_refsource_BID |
| http://ubuntu.com/usn/usn-1366-1 | vendor-advisoryx_refsource_UBUNTU |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/79320 | vdb-entryx_refsource_OSVDB |
| http://anonscm.debian.org/gitweb/?p=devscripts/de… | x_refsource_CONFIRM |
| http://www.debian.org/security/2012/dsa-2409 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2012-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:19.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=9cbe605d3eab4f9e67525f69b676c55b273b7a03"
},
{
"name": "47955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47955"
},
{
"name": "48039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48039"
},
{
"name": "52029",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52029"
},
{
"name": "USN-1366-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1366-1"
},
{
"name": "devscripts-commands-code-execution(73216)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73216"
},
{
"name": "79320",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/79320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=87f88232eb643f0c118c6ba38db8e966915b450f"
},
{
"name": "DSA-2409",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2409"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=9cbe605d3eab4f9e67525f69b676c55b273b7a03"
},
{
"name": "47955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47955"
},
{
"name": "48039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48039"
},
{
"name": "52029",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52029"
},
{
"name": "USN-1366-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1366-1"
},
{
"name": "devscripts-commands-code-execution(73216)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73216"
},
{
"name": "79320",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/79320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh=87f88232eb643f0c118c6ba38db8e966915b450f"
},
{
"name": "DSA-2409",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2409"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-0211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=9cbe605d3eab4f9e67525f69b676c55b273b7a03",
"refsource": "CONFIRM",
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=9cbe605d3eab4f9e67525f69b676c55b273b7a03"
},
{
"name": "47955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47955"
},
{
"name": "48039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48039"
},
{
"name": "52029",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52029"
},
{
"name": "USN-1366-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1366-1"
},
{
"name": "devscripts-commands-code-execution(73216)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73216"
},
{
"name": "79320",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/79320"
},
{
"name": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f",
"refsource": "CONFIRM",
"url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f"
},
{
"name": "DSA-2409",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2409"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-0211",
"datePublished": "2012-06-16T00:00:00.000Z",
"dateReserved": "2011-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:16:19.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2946 (GCVE-0-2009-2946)
Vulnerability from cvelistv5 – Published: 2009-09-04 20:00 – Updated: 2024-09-16 16:38
VLAI
EPSS
VEX
Summary
Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://svn.debian.org/wsvn/devscripts/trunk/scrip… | x_refsource_CONFIRM |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515209 | x_refsource_CONFIRM |
| http://svn.debian.org/wsvn/devscripts/trunk/scrip… | x_refsource_CONFIRM |
| http://www.debian.org/security/2009/dsa-1878 | vendor-advisoryx_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:37.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=diff\u0026rev=1984\u0026sc=1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515209"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=log\u0026rev=0\u0026sc=1\u0026isdir=0"
},
{
"name": "DSA-1878",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1878"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-09-04T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=diff\u0026rev=1984\u0026sc=1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515209"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=log\u0026rev=0\u0026sc=1\u0026isdir=0"
},
{
"name": "DSA-1878",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1878"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=diff\u0026rev=1984\u0026sc=1",
"refsource": "CONFIRM",
"url": "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=diff\u0026rev=1984\u0026sc=1"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515209",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515209"
},
{
"name": "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=log\u0026rev=0\u0026sc=1\u0026isdir=0",
"refsource": "CONFIRM",
"url": "http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=log\u0026rev=0\u0026sc=1\u0026isdir=0"
},
{
"name": "DSA-1878",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1878"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2946",
"datePublished": "2009-09-04T20:00:00.000Z",
"dateReserved": "2009-08-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:38:05.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}