Vulnerabilities > Bareos
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-15 | CVE-2022-24755 | Incorrect Authorization vulnerability in Bareos. Bareos is open source software for backup, archiving, and recovery of data for operating systems. | 6.8 |
2022-03-15 | CVE-2022-24756 | Memory Leak vulnerability in Bareos. Bareos is open source software for backup, archiving, and recovery of data for operating systems. | 4.3 |
2020-07-10 | CVE-2020-4042 | Authentication Bypass by Capture-replay vulnerability in Bareos. Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. | 4.3 |
2020-07-10 | CVE-2020-11061 | Heap-based Buffer Overflow vulnerability in multiple products. In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. | 7.4 |
2017-09-20 | CVE-2017-14610 | Improper Initialization vulnerability in Bareos. bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. | 4.6 |