Vulnerabilities > Zmanda
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-26 | CVE-2023-30577 | Argument Injection or Modification vulnerability in Zmanda Amanda AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. | 7.8 |
| 2023-04-16 | CVE-2022-37704 | Command Injection vulnerability in Zmanda Amanda 3.5.1 Amanda 3.5.1 allows privilege escalation from the regular user backup to root. | 6.7 |
| 2023-04-16 | CVE-2022-37705 | Argument Injection or Modification vulnerability in Zmanda Amanda 3.5.1 A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. | 6.7 |
| 2019-12-01 | CVE-2019-19469 | Cross-Site Request Forgery (CSRF) vulnerability in Zmanda Amanda 3.3.9 In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. | 6.8 |
| 2018-10-24 | CVE-2016-10730 | Permissions, Privileges, and Access Controls vulnerability in multiple products An issue was discovered in Amanda 3.3.1. | 7.2 |
| 2018-10-24 | CVE-2016-10729 | Command Injection vulnerability in multiple products An issue was discovered in Amanda 3.3.1. | 7.2 |
| 2009-09-08 | CVE-2009-3102 | Improper Input Validation vulnerability in Zmanda ZRM for MY SQL 2.1 The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager (ZRM) for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQL_BINPATH variable. | 10.0 |