Vulnerabilities > Barracuda
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-03 | CVE-2023-26213 | OS Command Injection vulnerability in Barracuda products On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. | 7.2 |
| 2021-12-01 | CVE-2021-42711 | Incorrect Default Permissions vulnerability in Barracuda Network Access Client Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. | 7.2 |
| 2020-03-12 | CVE-2019-5648 | Insufficiently Protected Credentials vulnerability in Barracuda Load Balancer ADC Firmware Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. | 5.5 |
| 2020-02-12 | CVE-2014-2595 | Insufficient Session Expiration vulnerability in Barracuda web Application Firewall 7.8.1.013 Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string. | 7.5 |
| 2019-03-21 | CVE-2019-6724 | Untrusted Search Path vulnerability in Barracuda VPN Client 5.0/5.0.2.5 The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root. | 7.2 |
| 2018-12-23 | CVE-2018-20369 | Cross-site Scripting vulnerability in Barracuda Message Archiver 2018 Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. | 4.3 |
| 2017-08-28 | CVE-2014-8428 | Permissions, Privileges, and Access Controls vulnerability in Barracuda Load Balancer 5.0.0.015 Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. | 7.5 |
| 2017-08-28 | CVE-2014-8426 | Use of Hard-coded Credentials vulnerability in Barracuda Load Balancer 5.0.0.015 Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. | 7.5 |
| 2017-07-18 | CVE-2017-6320 | OS Command Injection vulnerability in Barracuda Load Balancer ADC A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. | 9.0 |
| 2015-05-25 | CVE-2015-0962 | Source Code vulnerability in Barracuda web Filter Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship. | 4.3 |