9 matches found
I have finalized the list of trending vulnerabilities for 2024 according to Positive Technologies
I have finalized the list of trending vulnerabilities for 2024 according to Positive Technologies. Last year, 74 vulnerabilities were classified as trending to compare the scale, just over 40,000 were added to NVD in 2024. All trending vulnerabilities are found in Western commercial products and...
CISA Releases IOCs Associated with Malicious Barracuda Activity
CISA has released additional indicators of compromise IOCs associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway ESG Appliance, versions 5.1.3.001-9.2.0.006. Malicious threat actors exploited this...
Chinese UNC4841 Group Exploits Zero-Day Flaw in Barracuda Email Security Gateway
A suspected China-nexus threat actor dubbed UNC4841 has been linked to the exploitation of a recently patched zero-day flaw in Barracuda Email Security Gateway ESG appliances since October 2022. "UNC4841 is an espionage actor behind this wide-ranging campaign in support of the People's Republic o...
The Bug Report - May 2023 Edition
The Bug Report – May 2023 Edition By Mark Bereza · June 7, 2023 Why am I here? In the film The Number 23, Jim Carrey masterfully portrays Walter Sparrow, a man who finds himself obsessed with the number 23 after coming upon a book detailing the 23 enigma, and begins to see it everywhere he looks,...
CVE-2023-2868
A remote command injection vulnerability exists in the Barracuda Email Security Gateway appliance form factor only product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file tape archives. The vulnerability ste...
CVE-2023-2868
A remote command injection vulnerability exists in the Barracuda Email Security Gateway appliance form factor only product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file tape archives. The vulnerability ste...
Command injection
A remote command injection vulnerability exists in the Barracuda Email Security Gateway appliance form factor only product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file tape archives. The vulnerability ste...
CVE-2023-2868 Remote Code injection in Barracuda Email Security Gateway
A remote command injection vulnerability exists in the Barracuda Email Security Gateway appliance form factor only product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file tape archives. The vulnerability ste...
CVE-2023-2868
CVE-2023-2868 affects Barracuda Email Security Gateway (ESG) Appliance versions 5.1.3.001–9.2.0.006. It is due to incomplete sanitization of a user-supplied .tar archive, enabling remote command execution via Perl's qx with the appliance privileges. Barracuda fixed it in patch BNSF-36456 (auto-ap...