Lucene search

Pfsense Plus Security Vulnerabilities

cve

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a...

5.9CVSS

6.7AI Score

0.963EPSS

2023-12-18 04:15 PM

448

cve

CVE-2023-48123

An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php...

8.8CVSS

8.8AI Score

0.002EPSS

2023-12-06 08:15 PM

cve

CVE-2023-42326

An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php...

8.8CVSS

8.8AI Score

0.001EPSS

2023-11-14 05:15 AM

cve

CVE-2023-27100

Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web...

9.8CVSS

9.5AI Score

0.002EPSS

2023-03-22 11:15 PM

cve

CVE-2022-29273

pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL...

6.1CVSS

6AI Score

0.001EPSS

2023-02-22 09:15 PM

cve

CVE-2022-26019

Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result....

8.8CVSS

8.8AI Score

0.002EPSS

2022-03-31 08:15 AM

cve

CVE-2021-20729

Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious...

6.1CVSS

6.2AI Score

0.002EPSS

2022-03-31 08:15 AM

cve

CVE-2022-24299

Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary...

8.8CVSS

8.7AI Score

0.003EPSS

2022-03-31 08:15 AM

cve

CVE-2022-23993

/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing...

6.1CVSS

6.3AI Score

0.001EPSS

2022-01-26 07:15 PM