6 matches found
CVE-2023-38999
A Cross-Site Request Forgery (CSRF) in the System Halt API /system/halt of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request...
CVE-2023-39001
A command injection vulnerability in the component diagbackup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file...
CVE-2023-39003
OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp...
Deciso OPNsense Security Vulnerability
Deciso OPNsense is a FreeBSD-based open source firewall and routing software from the Dutch company Deciso. A security vulnerability exists in OPNsense versions prior to 23.7, which stems from a permission misconfiguration issue in configd.socket...
Deciso OPNsense Cross-Site Scripting Vulnerability
Deciso OPNsense is a FreeBSD-based open source firewall and routing software suite from the Dutch company Deciso. A cross-site scripting vulnerability exists in OPNsense versions prior to 23.7, which stems from improper input sanitization in the Crash Reporter component...
Deciso OPNsense Command Injection Vulnerability
Deciso OPNsense is a FreeBSD-based open source firewall and routing software from the Dutch company Deciso. A command injection vulnerability exists in the component diagbackup.php of OPNsense versions prior to 23.7. An attacker can exploit this...