CVE-2023-39006

The Crash Reporter crashreporter.php component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization...

PT-2023-26731 · Opnsense · Opnsense Business Edition +1

Name of the Vulnerable Software and Affected Versions: OPNsense Community Edition versions prior to 23.7 OPNsense Business Edition versions prior to 23.4.2 Description: The issue is related to insecure permissions for configd.socket. Recommendations: For OPNsense Community Edition versions prior ...

PT-2023-26732 · Opnsense · Opnsense Community Edition +1

Name of the Vulnerable Software and Affected Versions: OPNsense Community Edition versions prior to 23.7 OPNsense Business Edition versions prior to 23.4.2 Description: The issue is related to the Crash Reporter component, specifically the crash reporter.php file, which mishandles input...

Deciso OPNsense Security Vulnerability

Deciso OPNsense is a suite of FreeBSD-based open source firewall and routing software from Dutch company Deciso. A security vulnerability exists in OPNsense versions prior to 23.7, which stems from a directory with misconfigured permissions. An attacker can exploit this vulnerability to access...

PT-2023-8202 · Opnsense · Opnsense

Name of the Vulnerable Software and Affected Versions: OPNsense Community Edition versions prior to 23.7 OPNsense Business Edition versions prior to 23.4.2 Description: A directory traversal vulnerability exists in the Captive Portal templates of OPNsense, allowing attackers to execute arbitrary...