barracuda 漏洞与 CVE 列表(18)

产品(CPE): — CVE 数: 18

barracuda 漏洞概览

汇总 barracuda 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

常见弱点模式包括 跨站脚本、路径处理缺陷与输入验证问题,在 软件部署与生产负载 使用场景中可能带来 会话劫持、文件覆盖与异常行为 等风险。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 11818 CVE 数
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2025-34395 Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service in which an unauthenticated attacker can invoke a method vulnerable to path traversal to read arbitrary files. This vulnerability can be escalated to remote code execution by retrieving the .NET machine keys. [email protected] 8.7 0.66% 2025-12-10 2026-06-17
CVE-2025-34394 Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types. This can lead to remote code execution. [email protected] 10.0 0.59% 2025-12-10 2026-06-17
CVE-2025-34393 Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary methods or deserialization of untrusted types. [email protected] 10.0 0.59% 2025-12-10 2026-06-17
CVE-2025-34392 Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload. [email protected] 10.0 22.79% 2025-12-10 2026-06-17
CVE-2025-8319 the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter 4ac701fe-44e9-4bcd-9585-dd6449257611 6.1 0.21% 2025-07-29 2026-06-17
CVE-2023-7102 Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic. [email protected] 9.8 43.32% 2023-12-24 2026-06-17
CVE-2023-2868 KEV A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format the [email protected] 9.4 86.96% 2023-05-24 2026-06-17
CVE-2023-26213 On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain :password and a password field can contain shell metacharacters. [email protected] 7.2 7.88% 2023-03-03 2026-06-17
CVE-2021-42711 Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. This file is executed with SYSTEM privileges when an unprivileged user performs a repair operation. [email protected] 7.8 0.26% 2021-12-01 2026-06-17
CVE-2019-5648 Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be used by any authenticated administrative user to expose the LDAP credentials configured in the LDAP connector over the network. [email protected] 6.5 1.12% 2020-03-12 2026-06-16
CVE-2014-2595 Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string. [email protected] 9.8 16.87% 2020-02-11 2026-06-16
CVE-2019-6724 The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root. [email protected] 7.8 0.52% 2019-03-21 2026-06-16
CVE-2018-20369 Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. The injection point of the issue is the Add_Update module. [email protected] 6.1 0.69% 2018-12-22 2026-06-16
CVE-2014-8428 Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. [email protected] 9.8 2.36% 2017-08-28 2026-06-16
CVE-2014-8426 Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. [email protected] 9.8 2.23% 2017-08-28 2026-06-16
CVE-2017-6320 A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued. [email protected] 8.8 11.08% 2017-07-18 2026-06-16
CVE-2015-0962 Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship. [email protected] 4.3 1.41% 2015-05-25 2026-06-16
CVE-2015-0961 Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. [email protected] 4.3 0.75% 2015-05-25 2026-06-16
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
cvelogic Threat Intelligence