VulnerableCode Package Details - pkg:deb/debian/bacula@1.38.11-8

Search for packages

Vulnerability	Summary	Fixed by
VCID-dasb-atv1-53ck Aliases: CVE-2020-11061	In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10.	9.6.7-3 Affected by 0 other vulnerabilities.
VCID-k9yc-qbqn-uyaf Aliases: CVE-2008-5373	bacula-common: Insecure temporary file use in autochangers (symlink attack)	2.4.4-1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-p2nz-7xyf-jqbw Aliases: CVE-2012-4430	A vulnerability in Bacula may allow remote attackers to obtain sensitive information.	5.2.6+dfsg-9 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-v7mu-11py-d7ek Aliases: CVE-2007-5626	A vulnerability in Bacula may allow local attackers to obtain sensitive information.	5.0.2-2.2+squeeze1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-dasb-atv1-53ck
Aliases:
CVE-2020-11061

In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10.

9.6.7-3
Affected by 0 other vulnerabilities.

VCID-k9yc-qbqn-uyaf
Aliases:
CVE-2008-5373

bacula-common: Insecure temporary file use in autochangers (symlink attack)

2.4.4-1
Affected by 3 other vulnerabilities.

VCID-p2nz-7xyf-jqbw
Aliases:
CVE-2012-4430

A vulnerability in Bacula may allow remote attackers to obtain sensitive information.

5.2.6+dfsg-9
Affected by 1 other vulnerability.

VCID-v7mu-11py-d7ek
Aliases:
CVE-2007-5626

A vulnerability in Bacula may allow local attackers to obtain sensitive information.

5.0.2-2.2+squeeze1
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1vu9-xzw9-kfe2	zlib DoS	CVE-2005-2096
VCID-497r-ewba-b7a3	bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in.	CVE-2005-2995

Vulnerability

Summary

Aliases

VCID-1vu9-xzw9-kfe2

zlib DoS

CVE-2005-2096

VCID-497r-ewba-b7a3

bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in.

CVE-2005-2995

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T22:02:23.188244+00:00	Debian Oval Importer	Fixing	VCID-497r-ewba-b7a3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T21:56:22.562644+00:00	Debian Oval Importer	Fixing	VCID-1vu9-xzw9-kfe2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T21:45:18.135586+00:00	Debian Oval Importer	Affected by	VCID-p2nz-7xyf-jqbw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:41:42.238322+00:00	Debian Oval Importer	Affected by	VCID-v7mu-11py-d7ek	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:07:21.792927+00:00	Debian Oval Importer	Affected by	VCID-dasb-atv1-53ck	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:17:04.627471+00:00	Debian Oval Importer	Affected by	VCID-k9yc-qbqn-uyaf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T21:40:32.663762+00:00	Debian Oval Importer	Fixing	VCID-497r-ewba-b7a3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T21:34:43.416602+00:00	Debian Oval Importer	Fixing	VCID-1vu9-xzw9-kfe2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T21:23:57.984720+00:00	Debian Oval Importer	Affected by	VCID-p2nz-7xyf-jqbw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:26:06.483210+00:00	Debian Oval Importer	Affected by	VCID-v7mu-11py-d7ek	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:52:58.034989+00:00	Debian Oval Importer	Affected by	VCID-dasb-atv1-53ck	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:03:35.804190+00:00	Debian Oval Importer	Affected by	VCID-k9yc-qbqn-uyaf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T21:18:30.667057+00:00	Debian Oval Importer	Fixing	VCID-497r-ewba-b7a3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T21:12:54.415498+00:00	Debian Oval Importer	Fixing	VCID-1vu9-xzw9-kfe2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T21:02:33.557380+00:00	Debian Oval Importer	Affected by	VCID-p2nz-7xyf-jqbw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:11:57.347910+00:00	Debian Oval Importer	Affected by	VCID-v7mu-11py-d7ek	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T17:39:52.121595+00:00	Debian Oval Importer	Affected by	VCID-dasb-atv1-53ck	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:52:57.206860+00:00	Debian Oval Importer	Affected by	VCID-k9yc-qbqn-uyaf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0