CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30577
https://notcve.org/view.php?id=CVE-2023-30577
AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. • https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.4 https://github.com/zmanda/amanda/security/advisories/GHSA-crrw-v393-h5q3 https://lists.debian.org/debian-lts-announce/2023/12/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OITHG7FBD7HQRX2XT75GSGWB3D6XSZU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YYGJJARVLRBMNWSNXKZBXZNX3M53OVPA • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19469
https://notcve.org/view.php?id=CVE-2019-19469
In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials. En Zmanda Management Console versión 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= permite un ataque de tipo CSRF, como es demostrado mediante la inyección de comandos con metacaracteres de shell. • https://github.com/robertchrk/zmanda_exploit • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-352: Cross-Site Request Forgery (CSRF) •