Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Email_security_gateway_400_firmware
(Barracuda)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-05-24 | CVE-2023-2868 | A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format... | Email_security_gateway_300_firmware, Email_security_gateway_400_firmware, Email_security_gateway_600_firmware, Email_security_gateway_800_firmware, Email_security_gateway_900_firmware | 9.8 | ||
| 2023-12-24 | CVE-2023-7102 | Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic. | Email_security_gateway_300_firmware, Email_security_gateway_400_firmware, Email_security_gateway_600_firmware, Email_security_gateway_800_firmware, Email_security_gateway_900_firmware | 9.8 |