Vulnerabilities (CVE)

Filtered by vendor Barracuda Subscribe
Total 13 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-7102 1 Barracuda 10 Email Security Gateway 300, Email Security Gateway 300 Firmware, Email Security Gateway 400 and 7 more 2024-02-28 N/A 9.8 CRITICAL
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.
CVE-2023-2868 1 Barracuda 10 Email Security Gateway 300, Email Security Gateway 300 Firmware, Email Security Gateway 400 and 7 more 2024-02-28 N/A 9.8 CRITICAL
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances.
CVE-2023-26213 1 Barracuda 14 T100b, T100b Firmware, T193a and 11 more 2024-02-28 N/A 7.2 HIGH
On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain :password and a password field can contain shell metacharacters.
CVE-2021-42711 1 Barracuda 1 Network Access Client 2024-02-28 7.2 HIGH 7.8 HIGH
Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. This file is executed with SYSTEM privileges when an unprivileged user performs a repair operation.
CVE-2019-5648 1 Barracuda 2 Load Balancer Adc, Load Balancer Adc Firmware 2024-02-28 5.5 MEDIUM 6.5 MEDIUM
Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be used by any authenticated administrative user to expose the LDAP credentials configured in the LDAP connector over the network.
CVE-2014-2595 1 Barracuda 1 Web Application Firewall 2024-02-28 7.5 HIGH 9.8 CRITICAL
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.
CVE-2019-6724 4 Apple, Barracuda, Linux and 1 more 4 Mac Os X, Vpn Client, Linux Kernel and 1 more 2024-02-28 7.2 HIGH 7.8 HIGH
The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root.
CVE-2018-20369 1 Barracuda 1 Message Archiver 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. The injection point of the issue is the Add_Update module.
CVE-2014-8426 1 Barracuda 1 Load Balancer 2024-02-28 7.5 HIGH 9.8 CRITICAL
Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015.
CVE-2017-6320 1 Barracuda 1 Load Balancer Adc 2024-02-28 9.0 HIGH 8.8 HIGH
A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued.
CVE-2014-8428 1 Barracuda 1 Load Balancer 2024-02-28 7.5 HIGH 9.8 CRITICAL
Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key.
CVE-2015-0962 1 Barracuda 1 Web Filter 2024-02-28 4.3 MEDIUM N/A
Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.
CVE-2015-0961 1 Barracuda 1 Web Filter 2024-02-28 4.3 MEDIUM N/A
Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.