CVE-2008-0302 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.2 UNKNOWN	LOCAL	LOW		AV:L/AC:L/Au:N/C:C/I:C/A:C
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 23%

Vendor	Product	Version
debian	apt-listchanges	𝑥 ≤ 2.81

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

apt-listchanges

bookworm	3.24 fixed
bullseye	3.24 fixed
sarge	not-affected
sid	4.8 fixed
trixie	4.8 fixed

Ubuntu Releases

Ubuntu Product

Codename

apt-listchanges

gutsy	Fixed 2.74ubuntu3.1 released
feisty	Fixed 2.72ubuntu6.1 released
edgy	not-affected
dapper	not-affected

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

http://git.madism.org/?p=apt-listchanges.git%3Ba=commitdiff%3Bh=1bcfbf3dc55413bb83a1782dc9a54515a963fb32

http://packages.debian.org/changelogs/pool/main/a/apt-listchanges/apt-listchanges_2.82/changelog

http://secunia.com/advisories/28513

http://secunia.com/advisories/28574

http://www.debian.org/security/2008/dsa-1465

http://www.securityfocus.com/bid/27331

http://www.ubuntu.com/usn/usn-572-1

http://git.madism.org/?p=apt-listchanges.git%3Ba=commitdiff%3Bh=1bcfbf3dc55413bb83a1782dc9a54515a963fb32

http://packages.debian.org/changelogs/pool/main/a/apt-listchanges/apt-listchanges_2.82/changelog

http://secunia.com/advisories/28513

http://secunia.com/advisories/28574

http://www.debian.org/security/2008/dsa-1465

http://www.securityfocus.com/bid/27331

http://www.ubuntu.com/usn/usn-572-1