83 matches found
Astra Linux - vulnerability in bacula
In Bareos Director versions 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow vulnerability allows a malicious client to corrupt the director’s memory by sending overly large digest strings during the initialization of a verify job. Disabling verify jobs can mitigate this problem. This issue h...
(Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin Hard-Coded Credentials Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP TS-453E devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of Bareos by the Hyper Data Protector Plugin. The issue...
EUVD-2020-3438
Malware in sbrugna...
EUVD-2017-6111
Malware in sbrugna...
EUVD-2020-25302
Malware in sbrugna...
EUVD-2024-41282
Malicious code in bioql PyPI...
EUVD-2022-29588
Malicious code in bioql PyPI...
EUVD-2022-29589
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-24755
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6...
Linux Distros Unpatched Vulnerability : CVE-2020-4042
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allow...
Linux Distros Unpatched Vulnerability : CVE-2024-45044
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command i...
Linux Distros Unpatched Vulnerability : CVE-2022-24756
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and...
Linux Distros Unpatched Vulnerability : CVE-2017-14610
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might...
Linux Distros Unpatched Vulnerability : CVE-2020-11061
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via...
CVE-2020-4042
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge...
CVE-2020-11061
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched...
CVE-2017-14610
bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root scrip...
CVE-2022-24755
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, it will skip authorization checks completely. Expired accounts and accounts...
CVE-2022-24756
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that i...
CVE-2024-45044
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation i.e. "w" for "whoami" the ACL check did not apply to the full form i.e. "whoami" but to the abbreviated...