彙總 devscripts_devel_team 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 輸入驗證問題與路徑處理缺陷,在 生產負載與軟體部署 使用場景中可能帶來 異常行為與檔案覆寫 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2015-5704 | scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. | [email protected] | 7.8 | 0.05% | 2017-09-25 | 2026-05-13 |
| CVE-2015-5705 | Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. | [email protected] | 7.5 | 0.83% | 2017-09-06 | 2026-05-13 |
| CVE-2014-1833 | Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink. | [email protected] | 5.0 | 0.65% | 2014-02-05 | 2026-04-29 |
| CVE-2013-6888 | Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball. | [email protected] | 7.5 | 2.54% | 2014-01-07 | 2026-04-29 |
| CVE-2013-7085 | Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename. | [email protected] | 5.8 | 1.00% | 2013-12-14 | 2026-04-29 |
| CVE-2013-7050 | The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name. | [email protected] | 6.8 | 0.84% | 2013-12-13 | 2026-04-29 |
| CVE-2012-3500 | scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file. | [email protected] | 1.2 | 0.06% | 2012-10-01 | 2026-04-29 |
| CVE-2012-2242 | scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240. | [email protected] | 6.8 | 0.64% | 2012-10-01 | 2026-04-29 |
| CVE-2012-2241 | scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename. | [email protected] | 5.0 | 0.56% | 2012-10-01 | 2026-04-29 |
| CVE-2012-2240 | scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands." | [email protected] | 7.5 | 0.97% | 2012-10-01 | 2026-04-29 |
| CVE-2012-0212 | debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument. | [email protected] | 9.3 | 10.65% | 2012-06-16 | 2026-04-29 |
| CVE-2012-0211 | debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package. | [email protected] | 9.3 | 10.65% | 2012-06-16 | 2026-04-29 |
| CVE-2012-0210 | debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file. | [email protected] | 9.3 | 4.51% | 2012-06-16 | 2026-04-29 |
| CVE-2009-2946 | Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages. | [email protected] | 9.3 | 0.78% | 2009-09-04 | 2026-04-23 |