Lucene search
+L

83 matches found

prion
prion
added 2020/07/10 8:15 p.m.13 views

Design/Logic Flaw

Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge...

4.3CVSS6.5AI score0.00971EPSS
Exploits0References2Affected Software1
osv
osv
added 2020/07/10 8:15 p.m.6 views

UBUNTU-CVE-2020-4042

Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge...

6.8CVSS6.7AI score0.00971EPSS
Exploits0References4
osv
osv
added 2020/07/10 8:15 p.m.13 views

UBUNTU-CVE-2020-11061

In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched...

7.4CVSS6.9AI score0.0124EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2020/07/10 8:15 p.m.33 views

CVE-2020-4042

Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge...

6.8CVSS6.7AI score0.00971EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2020/07/10 8:15 p.m.18 views

CVE-2020-11061

In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched...

7.4CVSS6.9AI score0.0124EPSS
Exploits0References3
cvelist
cvelist
added 2020/07/10 7:30 p.m.24 views

CVE-2020-4042 Authentication bypass in Bareos

Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge...

6.8CVSS6.4AI score0.00971EPSS
Exploits0References2
cve
cve
added 2020/07/10 7:30 p.m.97 views

CVE-2020-4042

Bareos before version 19.2.8 is vulnerable to an authentication bypass where a malicious client can replay the director’s cram-md5 challenge to the director itself, causing the director to treat the replay as a valid response to its original challenge. The issue arises when the director allows cl...

6.8CVSS6.4AI score0.00971EPSS
Exploits0References2Affected Software1
debiancve
debiancve
added 2020/07/10 7:30 p.m.30 views

CVE-2020-4042

Removed by vendor...

6.8CVSS6.6AI score0.00971EPSS
Exploits0
alpinelinux
alpinelinux
added 2020/07/10 7:30 p.m.56 views

CVE-2020-4042

Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge...

6.8CVSS6.5AI score0.00971EPSS
Exploits0
cve
cve
added 2020/07/10 7:25 p.m.104 views

CVE-2020-11061

The CVE-2020-11061 entry relates to Bareos Director (versions ≤ 16.2.10, 17.2.9, 18.2.8, 19.2.7). A heap overflow allows a malicious client to corrupt the director’s memory via oversized digest strings during verify-job initialization. Mitigation is to disable verify jobs. Patches are available i...

7.4CVSS6.4AI score0.0124EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2020/07/10 7:25 p.m.28 views

CVE-2020-11061 Heap-based Buffer Overflow in Bareos Director

In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched...

6CVSS7.3AI score0.0124EPSS
Exploits0References3
debiancve
debiancve
added 2020/07/10 7:25 p.m.24 views

CVE-2020-11061

In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched...

7.4CVSS6.7AI score0.0124EPSS
Exploits0
alpinelinux
alpinelinux
added 2020/07/10 7:25 p.m.50 views

CVE-2020-11061

In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched...

7.4CVSS6.6AI score0.0124EPSS
Exploits0
ptsecurity
ptsecurity
added 2020/07/10 12:0 a.m.4 views

PT-2020-12522 · Bareos +1 · Bareos Director +1

Name of the Vulnerable Software and Affected Versions: Bareos Director versions prior to 16.2.11 Bareos Director versions prior to 17.2.10 Bareos Director versions prior to 18.2.9 Bareos Director versions prior to 19.2.8 Description: A heap overflow in the Bareos Director allows a malicious clien...

7.4CVSS7.4AI score0.0124EPSS
Exploits0References16
cnvd
cnvd
added 2017/11/13 12:0 a.m.5 views

Bareos Privilege Permission and Access Control Vulnerabilities

Bareos is a set of open source data protection software from the German company Bareos. bareos-dir, bareos-fd and bareos-sd are among the core programs. A privilege permission and access control vulnerability exists in bareos-dir, bareos-fd, and bareos-sd in Bareos 16.2.6 and earlier versions,...

7.8CVSS6.6AI score0.00322EPSS
Exploits0References1
nvd
nvd
added 2017/09/20 6:29 p.m.18 views

CVE-2017-14610

bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root scrip...

7.8CVSS7.6AI score0.00322EPSS
Exploits0References1
osv
osv
added 2017/09/20 6:29 p.m.13 views

CVE-2017-14610

bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root scrip...

7.8CVSS6.8AI score
Exploits0References1
ubuntucve
ubuntucve
added 2017/09/20 6:29 p.m.30 views

CVE-2017-14610

bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root scrip...

7.8CVSS7.2AI score0.00322EPSS
Exploits0References2
prion
prion
added 2017/09/20 6:29 p.m.16 views

Command injection

bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root scrip...

4.6CVSS7.5AI score0.00322EPSS
Exploits0References1Affected Software1
osv
osv
added 2017/09/20 6:29 p.m.5 views

UBUNTU-CVE-2017-14610

bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root scrip...

7.8CVSS7.2AI score0.00322EPSS
Exploits0References3
Rows per page
Query Builder