Barracuda
Monthly
Random system freeze vulnerability in the Linux kernel's libata-core subsystem affects any Linux host physically equipped with a Seagate ST1000DM010-2EP102 BarraCuda hard drive, where the kernel's default enablement of SATA Link Power Management (LPM) causes the drive to fail its wake sequence and hang the system irrecoverably. The ST1000DM010-2EP102 belongs to the same BarraCuda family as the ST2000DM008-2FR102, for which an LPM quirk already exists in libata - the fix extends that quirk to cover this model. No active exploitation has been identified (absent from CISA KEV), and EPSS at 0.02% reflects negligible adversarial interest, consistent with this being a hardware compatibility defect rather than a traditional security flaw.
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.6%.
Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Random system freeze vulnerability in the Linux kernel's libata-core subsystem affects any Linux host physically equipped with a Seagate ST1000DM010-2EP102 BarraCuda hard drive, where the kernel's default enablement of SATA Link Power Management (LPM) causes the drive to fail its wake sequence and hang the system irrecoverably. The ST1000DM010-2EP102 belongs to the same BarraCuda family as the ST2000DM008-2FR102, for which an LPM quirk already exists in libata - the fix extends that quirk to cover this model. No active exploitation has been identified (absent from CISA KEV), and EPSS at 0.02% reflects negligible adversarial interest, consistent with this being a hardware compatibility defect rather than a traditional security flaw.
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.6%.
Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.