Search criteria
9 vulnerabilities found for devscripts by debian
FKIE_CVE-2025-8454
Vulnerability from fkie_nvd - Published: 2025-08-01 06:15 - Updated: 2025-08-06 16:17
Severity
Summary
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.
References
| URL | Tags | ||
|---|---|---|---|
| security@debian.org | https://bugs.debian.org/1109251 | Issue Tracking, Mailing List |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | devscripts | 2.25.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:devscripts:2.25.15:*:*:*:*:*:*:*",
"matchCriteriaId": "03D0F848-1E33-47BF-8523-03792C46EC92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que uscan, una herramienta para escanear o vigilar fuentes originales en busca de nuevas versiones de software, incluida en devscripts (una colecci\u00f3n de scripts para facilitar la vida del fabricante de paquetes Debian), omite la verificaci\u00f3n OpenPGP para archivos ya descargados incluso si una verificaci\u00f3n previa fall\u00f3."
}
],
"id": "CVE-2025-8454",
"lastModified": "2025-08-06T16:17:38.593",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-08-01T06:15:29.493",
"references": [
{
"source": "security@debian.org",
"tags": [
"Issue Tracking",
"Mailing List"
],
"url": "https://bugs.debian.org/1109251"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2013-7325
Vulnerability from fkie_nvd - Published: 2019-12-03 23:15 - Updated: 2024-11-21 02:00
Severity
Summary
An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2014/02/12/14 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7325 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2013-7325 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2014/02/12/14 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7325 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2013-7325 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | devscripts | * | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:devscripts:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8401A2-DBF5-4B44-86FF-DC25EBE20A49",
"versionEndExcluding": "2.13.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball."
},
{
"lang": "es",
"value": "Existe un problema en uscan en devscripts versiones anteriores a la versi\u00f3n 2.13.19, que podr\u00eda permitir a un usuario malicioso remoto ejecutar c\u00f3digo arbitrario por medio de un tarball especialmente dise\u00f1ado."
}
],
"id": "CVE-2013-7325",
"lastModified": "2024-11-21T02:00:45.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-03T23:15:11.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/12/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7325"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-7325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/12/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-7325"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-13043
Vulnerability from fkie_nvd - Published: 2018-07-01 22:29 - Updated: 2024-11-21 03:46
Severity
Summary
scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://bugs.debian.org/902409 | Patch, Vendor Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3704-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/902409 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3704-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | devscripts | * | |
| canonical | ubuntu_linux | 17.10 | |
| canonical | ubuntu_linux | 18.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:devscripts:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD13CC1-8DE3-4598-9CE2-C3502E1087BA",
"versionEndIncluding": "2.18.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing."
},
{
"lang": "es",
"value": "scripts/grep-excuses.pl en Debian devscripts hasta la versi\u00f3n 2.18.3 permite la ejecuci\u00f3n de c\u00f3digo mediante la carga insegura de YAML debido a que YAML::Syck se emplea sin una configuraci\u00f3n que evite una bendici\u00f3n no planeada."
}
],
"id": "CVE-2018-13043",
"lastModified": "2024-11-21T03:46:18.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-01T22:29:00.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://bugs.debian.org/902409"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3704-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://bugs.debian.org/902409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3704-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-8454 (GCVE-0-2025-8454)
Vulnerability from cvelistv5 – Published: 2025-08-01 05:41 – Updated: 2025-08-01 13:47
VLAI
Summary
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.
Severity
9.8 (Critical)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugs.debian.org/1109251 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Debian | devscripts |
Affected:
0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-8454",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-01T13:45:28.913524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T13:47:20.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "devscripts",
"vendor": "Debian",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Uwe Kleine-K\u00f6nig"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.\u003cbr\u003e"
}
],
"value": "It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then."
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T07:54:21.202Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"url": "https://bugs.debian.org/1109251"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2025-8454",
"datePublished": "2025-08-01T05:41:09.361Z",
"dateReserved": "2025-08-01T05:31:30.538Z",
"dateUpdated": "2025-08-01T13:47:20.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7325 (GCVE-0-2013-7325)
Vulnerability from cvelistv5 – Published: 2019-12-03 22:23 – Updated: 2024-08-06 18:01
VLAI
Summary
An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2014/0… | x_refsource_MISC |
Date Public
2014-02-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:20.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-7325"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7325"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/12/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-03T22:23:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-7325"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7325"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/12/14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-7325",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-7325"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7325",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7325"
},
{
"name": "http://www.openwall.com/lists/oss-security/2014/02/12/14",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2014/02/12/14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7325",
"datePublished": "2019-12-03T22:23:50.000Z",
"dateReserved": "2014-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:01:20.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13043 (GCVE-0-2018-13043)
Vulnerability from cvelistv5 – Published: 2018-07-01 22:00 – Updated: 2024-08-05 08:52
VLAI
Summary
scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugs.debian.org/902409 | x_refsource_MISC |
| https://usn.ubuntu.com/3704-1/ | vendor-advisoryx_refsource_UBUNTU |
Date Public
2018-07-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:52:49.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/902409"
},
{
"name": "USN-3704-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3704-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-06T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/902409"
},
{
"name": "USN-3704-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3704-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/902409",
"refsource": "MISC",
"url": "https://bugs.debian.org/902409"
},
{
"name": "USN-3704-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3704-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-13043",
"datePublished": "2018-07-01T22:00:00.000Z",
"dateReserved": "2018-07-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:52:49.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8454 (GCVE-0-2025-8454)
Vulnerability from nvd – Published: 2025-08-01 05:41 – Updated: 2025-08-01 13:47
VLAI
Summary
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.
Severity
9.8 (Critical)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugs.debian.org/1109251 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Debian | devscripts |
Affected:
0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-8454",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-01T13:45:28.913524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T13:47:20.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "devscripts",
"vendor": "Debian",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Uwe Kleine-K\u00f6nig"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.\u003cbr\u003e"
}
],
"value": "It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then."
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T07:54:21.202Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"url": "https://bugs.debian.org/1109251"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2025-8454",
"datePublished": "2025-08-01T05:41:09.361Z",
"dateReserved": "2025-08-01T05:31:30.538Z",
"dateUpdated": "2025-08-01T13:47:20.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7325 (GCVE-0-2013-7325)
Vulnerability from nvd – Published: 2019-12-03 22:23 – Updated: 2024-08-06 18:01
VLAI
Summary
An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2014/0… | x_refsource_MISC |
Date Public
2014-02-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:20.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-7325"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7325"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/12/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-03T22:23:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-7325"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7325"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/02/12/14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-7325",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-7325"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7325",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7325"
},
{
"name": "http://www.openwall.com/lists/oss-security/2014/02/12/14",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2014/02/12/14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7325",
"datePublished": "2019-12-03T22:23:50.000Z",
"dateReserved": "2014-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:01:20.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13043 (GCVE-0-2018-13043)
Vulnerability from nvd – Published: 2018-07-01 22:00 – Updated: 2024-08-05 08:52
VLAI
Summary
scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugs.debian.org/902409 | x_refsource_MISC |
| https://usn.ubuntu.com/3704-1/ | vendor-advisoryx_refsource_UBUNTU |
Date Public
2018-07-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:52:49.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/902409"
},
{
"name": "USN-3704-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3704-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-06T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/902409"
},
{
"name": "USN-3704-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3704-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/902409",
"refsource": "MISC",
"url": "https://bugs.debian.org/902409"
},
{
"name": "USN-3704-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3704-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-13043",
"datePublished": "2018-07-01T22:00:00.000Z",
"dateReserved": "2018-07-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:52:49.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}