Every CVE whose affected-product data names Zmanda Amanda, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2019-19469 — CVSS 8.8 (high): In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command…
CVE-2016-10729 — CVSS 7.8 (high): An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid…
CVE-2016-10730 — CVSS 7.8 (high): An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda…
CVE-2023-30577 — CVSS 7.8 (high): AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a…
CVE-2022-37704 — CVSS 6.7 (medium): Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute…
CVE-2022-37705 — CVSS 6.7 (medium): A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the…