Vulnerabilities > Barracuda

DATE CVE VULNERABILITY TITLE RISK
2023-12-24 CVE-2023-7102 Unspecified vulnerability in Barracuda products
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc.
network
low complexity
barracuda
critical
9.8
2023-05-24 CVE-2023-2868 Command Injection vulnerability in Barracuda products
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006.
network
low complexity
barracuda CWE-77
critical
9.8
2023-03-03 CVE-2023-26213 OS Command Injection vulnerability in Barracuda products
On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands.
network
low complexity
barracuda CWE-78
7.2
2021-12-01 CVE-2021-42711 Incorrect Default Permissions vulnerability in Barracuda Network Access Client
Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions.
local
low complexity
barracuda CWE-276
7.2
2020-03-12 CVE-2019-5648 Insufficiently Protected Credentials vulnerability in Barracuda Load Balancer ADC Firmware
Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials.
network
low complexity
barracuda CWE-522
5.5
2020-02-12 CVE-2014-2595 Insufficient Session Expiration vulnerability in Barracuda web Application Firewall 7.8.1.013
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.
network
low complexity
barracuda CWE-613
7.5
2019-03-21 CVE-2019-6724 Untrusted Search Path vulnerability in Barracuda VPN Client 5.0/5.0.2.5
The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root.
local
low complexity
barracuda apple linux openbsd CWE-426
7.2
2018-12-23 CVE-2018-20369 Cross-site Scripting vulnerability in Barracuda Message Archiver 2018
Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module.
network
barracuda CWE-79
4.3
2017-08-28 CVE-2014-8428 Permissions, Privileges, and Access Controls vulnerability in Barracuda Load Balancer 5.0.0.015
Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key.
network
low complexity
barracuda CWE-264
7.5
2017-08-28 CVE-2014-8426 Use of Hard-coded Credentials vulnerability in Barracuda Load Balancer 5.0.0.015
Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015.
network
low complexity
barracuda CWE-798
7.5