Vulnerabilities > Barracuda > High

| Date | CVE | Vulnerability title | Description | Access | Complexity | Vendors / CWE | Risk |
|---|---|---|---|---|---|---|---|
| 2023-03-03 | CVE-2023-26213 | OS Command Injection vulnerability in Barracuda products | On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. | network | low complexity | barracuda, CWE-78 | 7.2 |
| 2021-12-01 | CVE-2021-42711 | Incorrect Default Permissions vulnerability in Barracuda Network Access Client | Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. | local | low complexity | barracuda, CWE-276 | 7.2 |
| 2020-02-12 | CVE-2014-2595 | Insufficient Session Expiration vulnerability in Barracuda Web Application Firewall 7.8.1.013 | Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string. | network | low complexity | barracuda, CWE-613 | 7.5 |
| 2019-03-21 | CVE-2019-6724 | Untrusted Search Path vulnerability in Barracuda VPN Client 5.0/5.0.2.5 | The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root. | local | low complexity | barracuda, apple, linux, openbsd, CWE-426 | 7.2 |
| 2017-08-28 | CVE-2014-8428 | Permissions, Privileges, and Access Controls vulnerability in Barracuda Load Balancer 5.0.0.015 | Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. | network | low complexity | barracuda, CWE-264 | 7.5 |
| 2017-08-28 | CVE-2014-8426 | Use of Hard-coded Credentials vulnerability in Barracuda Load Balancer 5.0.0.015 | Hard-coded weak credentials in Barracuda Load Balancer 5.0.0.015. | network | low complexity | barracuda, CWE-798 | 7.5 |