CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30577
https://notcve.org/view.php?id=CVE-2023-30577
AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. • https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.4 https://github.com/zmanda/amanda/security/advisories/GHSA-crrw-v393-h5q3 https://lists.debian.org/debian-lts-announce/2023/12/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OITHG7FBD7HQRX2XT75GSGWB3D6XSZU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YYGJJARVLRBMNWSNXKZBXZNX3M53OVPA • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2002-0901
https://notcve.org/view.php?id=CVE-2002-0901
Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (AMANDA) 2.3.0.4 allow (1) remote attackers to execute arbitrary code via long commands to the amindexd daemon, or certain local users to execute arbitrary code via long command line arguments to the programs (2) amcheck, (3) amgetidx, (4) amtrmidx, (5) createindex-dump, or (6) createindex-gnutar. Múltiples desbordamientos de búfer en Advanced Maryland Automatic Disk Archiver (AMANDA) 2.3.0.4 permite a atacantes remotos, ejecutar código arbitrario mediante comandos largos al demonio amindexk, o a ciertos usuarios locales ejecutar código arbitrario mediante un argumento de línea de comando largo a los programas amcheck amgetidx amtrmidx createindex-dump, or createindex-gnutar • http://online.securityfocus.com/archive/1/274215 http://www.iss.net/security_center/static/9181.php http://www.iss.net/security_center/static/9182.php http://www.securityfocus.com/bid/4836 http://www.securityfocus.com/bid/4840 •