Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Pfsense
(Netgate)| Repositories | https://github.com/opnsense/core |
| #Vulnerabilities | 48 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-11-14 | CVE-2023-42325 | Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page. | Pfsense | 5.4 | ||
| 2023-11-14 | CVE-2023-42327 | Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page. | Pfsense | 5.4 | ||
| 2023-11-14 | CVE-2023-42326 | An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. | Pfsense, Pfsense_plus | 8.8 | ||
| 2023-12-06 | CVE-2023-48123 | An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file. | Pfsense, Pfsense_plus | 8.8 | ||
| 2022-03-31 | CVE-2022-26019 | Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution. | Pfsense, Pfsense_plus | 8.8 | ||
| 2023-03-17 | CVE-2023-27253 | A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml. | Pfsense | 8.8 | ||
| 2023-02-22 | CVE-2022-29273 | pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters. | Pfsense | 6.1 | ||
| 2023-04-04 | CVE-2020-21487 | Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acme_certificates.php. | Pfsense, Pfsense_acme_package | 9.6 | ||
| 2022-12-15 | CVE-2020-21219 | Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package. | Acme, Pfsense | 6.1 | ||
| 2018-12-03 | CVE-2018-4019 | An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_normal_mode` parameter. | Pfsense | 7.2 |