CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30577 – Ubuntu Security Notice USN-6614-1
https://notcve.org/view.php?id=CVE-2023-30577
26 Jul 2023 — AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. It was discovered that amanda did not properly check certain arguments. A local unprivileged attacker could possibly use this issue to perform a privilege escalation attack. • https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.4 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19469
https://notcve.org/view.php?id=CVE-2019-19469
01 Dec 2019 — In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials. En Zmanda Management Console versión 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= permite un ataque de tipo CSRF, como es demostrado mediante la inyección de comandos con metacaracteres de shell. • https://github.com/robertchrk/zmanda_exploit • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-352: Cross-Site Request Forgery (CSRF) •