Vulnerabilities > Zmanda

DATE CVE VULNERABILITY TITLE RISK
2023-07-26 CVE-2023-30577 Argument Injection or Modification vulnerability in Zmanda Amanda
AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.
local
low complexity
zmanda CWE-88
7.8
2023-04-16 CVE-2022-37704 Command Injection vulnerability in Zmanda Amanda 3.5.1
Amanda 3.5.1 allows privilege escalation from the regular user backup to root.
local
low complexity
zmanda CWE-77
6.7
2023-04-16 CVE-2022-37705 Argument Injection or Modification vulnerability in Zmanda Amanda 3.5.1
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges.
local
low complexity
zmanda CWE-88
6.7
2019-12-01 CVE-2019-19469 Cross-Site Request Forgery (CSRF) vulnerability in Zmanda Amanda 3.3.9
In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters.
network
zmanda CWE-352
6.8
2018-10-24 CVE-2016-10730 Permissions, Privileges, and Access Controls vulnerability in multiple products
An issue was discovered in Amanda 3.3.1.
local
low complexity
zmanda redhat CWE-264
7.2
2018-10-24 CVE-2016-10729 Command Injection vulnerability in multiple products
An issue was discovered in Amanda 3.3.1.
local
low complexity
zmanda redhat debian CWE-77
7.2
2009-09-08 CVE-2009-3102 Improper Input Validation vulnerability in Zmanda ZRM for MY SQL 2.1
The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager (ZRM) for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQL_BINPATH variable.
network
low complexity
zmanda CWE-20
critical
10.0