bacula 漏洞與 CVE 列表(7)

產品(CPE): — CVE 數: 7

bacula 漏洞概覽

彙總 bacula 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

常見弱點模式包括 SQL 注入與路徑處理缺陷,在 生產負載與軟體部署 使用場景中可能帶來 資料外洩與檔案覆寫 等風險。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 177 CVE 數
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2025-45346 SQL Injection vulnerability in Bacula-web before v.9.7.1 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request. [email protected] 8.1 0.68% 2025-07-29 2026-06-17
CVE-2017-15367 Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server. [email protected] 9.8 24.26% 2018-03-07 2026-06-16
CVE-2014-8295 SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter. [email protected] 7.5 2.35% 2014-10-15 2026-06-16
CVE-2012-4430 The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors. [email protected] 4.0 2.68% 2012-10-10 2026-06-16
CVE-2008-5373 mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995. [email protected] 6.9 0.39% 2008-12-08 2026-06-16
CVE-2007-5626 make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network. [email protected] 5.5 0.29% 2007-10-23 2026-06-16
CVE-2005-2995 bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in. [email protected] 3.6 0.39% 2005-09-20 2026-06-16
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
cvelogic Threat Intelligence