VYPR

Bareos

by Bareftp

Source repositories

CVEs (5)

  • CVE-2017-14610 | High | Sep 20, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification…

  • CVE-2024-45044 | High | Sep 10, 2024
    risk 0.50 | cvss 8.8 | epss 0.01

    Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation (i.e. "w" for "whoami") the ACL check did not apply to the full form (i.e. "whoami")…

  • CVE-2022-24756 | Mar 15, 2022
    risk 0.00 | cvss | epss 0.02

    Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory.…

  • CVE-2022-24755 | Mar 15, 2022
    risk 0.00 | cvss | epss 0.02

    Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, it will skip authorization checks completely. Expired…

  • CVE-2020-4042 | Jul 10, 2020
    risk 0.00 | cvss | epss 0.01

    Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's…