VYPR
Vendor: Bareftp

Products: 5
CVEs: 7
Across products: 10
Status: Private

Recent CVEs (7)
  • CVE-2017-14610 | High | Sep 20, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification…

  • CVE-2024-45044 | High | Sep 10, 2024
    risk 0.50 | cvss 8.8 | epss 0.01

    Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation (i.e. "w" for "whoami") the ACL check did not apply to the full form (i.e. "whoami")…

  • CVE-2022-24756 | Mar 15, 2022
    risk 0.00 | cvss not listed | epss 0.02

    Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory.…

  • CVE-2022-24755 | Mar 15, 2022
    risk 0.00 | cvss not listed | epss 0.02

    Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, it will skip authorization checks completely. Expired…

  • CVE-2020-4042 | Jul 10, 2020
    risk 0.00 | cvss not listed | epss 0.01

    Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's…

  • CVE-2020-11061 | Jul 10, 2020
    risk 0.00 | cvss not listed | epss 0.01

    In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This…

  • CVE-2010-3350 | Oct 20, 2010
    risk 0.00 | cvss not listed | epss 0.00

    bareFTP 0.3.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.