Vulnerabilities > Barracuda

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-12-24 | CVE-2023-7102 | Unspecified vulnerability in Barracuda products | Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. | network | low complexity | barracuda | | critical 9.8 |
| 2023-05-24 | CVE-2023-2868 | Command Injection vulnerability in Barracuda products | A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006. | network | low complexity | barracuda | CWE-77 | critical 9.8 |
| 2023-03-03 | CVE-2023-26213 | OS Command Injection vulnerability in Barracuda products | On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. | network | low complexity | barracuda | CWE-78 | 7.2 |
| 2021-12-01 | CVE-2021-42711 | Incorrect Default Permissions vulnerability in Barracuda Network Access Client | Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. | local | low complexity | barracuda | CWE-276 | 7.8 |
| 2020-03-12 | CVE-2019-5648 | Insufficiently Protected Credentials vulnerability in Barracuda Load Balancer ADC Firmware | Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. | network | low complexity | barracuda | CWE-522 | 6.5 |
| 2020-02-12 | CVE-2014-2595 | Insufficient Session Expiration vulnerability in Barracuda Web Application Firewall 7.8.1.013 | Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string. | network | low complexity | barracuda | CWE-613 | critical 9.8 |
| 2019-03-21 | CVE-2019-6724 | Untrusted Search Path vulnerability in Barracuda VPN Client 5.0/5.0.2.5 | The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root. | local | low complexity | barracuda | CWE-426 | 7.8 |
| 2018-12-23 | CVE-2018-20369 | Cross-site Scripting vulnerability in Barracuda Message Archiver 2018 | Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. | network | low complexity | barracuda | CWE-79 | 6.1 |
| 2017-08-28 | CVE-2014-8428 | Permissions, Privileges, and Access Controls vulnerability in Barracuda Load Balancer 5.0.0.015 | Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. | network | low complexity | barracuda | CWE-264 | critical 9.8 |
| 2017-08-28 | CVE-2014-8426 | Use of Hard-coded Credentials vulnerability in Barracuda Load Balancer 5.0.0.015 | Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. | network | low complexity | barracuda | CWE-798 | critical 9.8 |