Vulnerabilities > Bareos

| Date | CVE | Vulnerability title | Description | Tags | Risk |
|---|---|---|---|---|---|
| 2022-03-15 | CVE-2022-24755 | Incorrect Authorization vulnerability in Bareos | Bareos is open source software for backup, archiving, and recovery of data for operating systems. | network, bareos, CWE-863 | 6.8 |
| 2022-03-15 | CVE-2022-24756 | Memory Leak vulnerability in Bareos | Bareos is open source software for backup, archiving, and recovery of data for operating systems. | network, bareos, CWE-401 | 4.3 |
| 2020-07-10 | CVE-2020-4042 | Authentication Bypass by Capture-replay vulnerability in Bareos | Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. | network, bareos, CWE-294 | 4.3 |
| 2020-07-10 | CVE-2020-11061 | Heap-based Buffer Overflow vulnerability in multiple products | In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. | network, low complexity, bareos, debian, CWE-122 | 7.4 |
| 2017-09-20 | CVE-2017-14610 | Improper Initialization vulnerability in Bareos | bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. | local, low complexity, bareos, CWE-665 | 4.6 |