Lucene search

Pfsense Plus Security Vulnerabilities - 2023

cve

CVE-2022-29273

pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters.

6.1CVSS

6AI Score

0.001EPSS

2023-02-22 09:15 PM

cve

CVE-2023-27100

Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.

9.8CVSS

9.5AI Score

0.003EPSS

2023-03-22 11:15 PM

cve

CVE-2023-42326

An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components.

8.8CVSS

8.8AI Score

0.001EPSS

2023-11-14 05:15 AM

cve

CVE-2023-48123

An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file.

8.8CVSS

8.8AI Score

0.002EPSS

2023-12-06 08:15 PM

cve

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connecti...

5.9CVSS

6.7AI Score

0.965EPSS

2023-12-18 04:15 PM

1025