Skip to main content

Barracuda

12 CVEs product

Monthly

CVE-2026-43487 MEDIUM PATCH This Month

Random system freeze vulnerability in the Linux kernel's libata-core subsystem affects any Linux host physically equipped with a Seagate ST1000DM010-2EP102 BarraCuda hard drive, where the kernel's default enablement of SATA Link Power Management (LPM) causes the drive to fail its wake sequence and hang the system irrecoverably. The ST1000DM010-2EP102 belongs to the same BarraCuda family as the ST2000DM008-2FR102, for which an LPM quirk already exists in libata - the fix extends that quirk to cover this model. No active exploitation has been identified (absent from CISA KEV), and EPSS at 0.02% reflects negligible adversarial interest, consistent with this being a hardware compatibility defect rather than a traditional security flaw.

Linux Barracuda Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-7102 CRITICAL POC THREAT Emergency

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Barracuda Email Security Gateway 300 Firmware Email Security Gateway 400 Firmware Email Security Gateway 600 Firmware +2
NVD GitHub
CVSS 3.1
9.8
EPSS
43.6%
CVE-2023-2868 CRITICAL POC KEV THREAT Emergency

A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Barracuda Command Injection Email Security Gateway 300 Firmware Email Security Gateway 400 Firmware Email Security Gateway 600 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
87.0%
CVE-2023-26213 HIGH POC This Week

On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Barracuda Command Injection T100B Firmware T200C Firmware T400C Firmware +4
NVD
CVSS 3.1
7.2
EPSS
7.9%
CVE-2021-42711 HIGH This Week

Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Barracuda Privilege Escalation Network Access Client
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-6724 HIGH POC This Week

The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Barracuda Apple RCE Vpn Client
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-20369 MEDIUM POC This Month

Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Barracuda Message Archiver
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2014-8428 CRITICAL Act Now

Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Barracuda Privilege Escalation Load Balancer
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2014-8426 CRITICAL Act Now

Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Barracuda Authentication Bypass Load Balancer
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-6320 HIGH POC THREAT Act Now

A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.6%.

Barracuda Command Injection Load Balancer Adc
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
28.6%
Threat
4.1
CVE-2015-0962 MEDIUM This Month

Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Barracuda Information Disclosure Web Filter
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-0961 MEDIUM This Month

Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Barracuda Information Disclosure Web Filter
NVD
CVSS 2.0
4.3
EPSS
0.5%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Random system freeze vulnerability in the Linux kernel's libata-core subsystem affects any Linux host physically equipped with a Seagate ST1000DM010-2EP102 BarraCuda hard drive, where the kernel's default enablement of SATA Link Power Management (LPM) causes the drive to fail its wake sequence and hang the system irrecoverably. The ST1000DM010-2EP102 belongs to the same BarraCuda family as the ST2000DM008-2FR102, for which an LPM quirk already exists in libata - the fix extends that quirk to cover this model. No active exploitation has been identified (absent from CISA KEV), and EPSS at 0.02% reflects negligible adversarial interest, consistent with this being a hardware compatibility defect rather than a traditional security flaw.

Linux Barracuda Information Disclosure +2
NVD VulDB
EPSS 44% CVSS 9.8
CRITICAL POC THREAT Emergency

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Barracuda Email Security Gateway 300 Firmware +4
NVD GitHub
EPSS 87% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Barracuda Command Injection Email Security Gateway 300 Firmware +4
NVD
EPSS 8% CVSS 7.2
HIGH POC This Week

On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Barracuda Command Injection T100B Firmware +6
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Barracuda Privilege Escalation Network Access Client
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Barracuda Apple RCE +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Barracuda Message Archiver
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Barracuda Privilege Escalation Load Balancer
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Barracuda Authentication Bypass Load Balancer
NVD
EPSS 29% 4.1 CVSS 8.8
HIGH POC THREAT Act Now

A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.6%.

Barracuda Command Injection Load Balancer Adc
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM This Month

Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Barracuda Information Disclosure Web Filter
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Barracuda Information Disclosure Web Filter
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy