Lucene search

K

Pfsense Security Vulnerabilities

cve
cve

CVE-2023-29975

An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without...

7.2CVSS

7AI Score

0.004EPSS

2023-11-09 10:15 PM
28
cve
cve

CVE-2023-29974

An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password...

9.8CVSS

9.3AI Score

0.008EPSS

2023-11-08 09:15 PM
19
cve
cve

CVE-2023-29973

Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in...

4.9CVSS

5.1AI Score

0.004EPSS

2023-10-25 06:17 PM
12
cve
cve

CVE-2022-26019

Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result....

8.8CVSS

8.8AI Score

0.002EPSS

2022-03-31 08:15 AM
60
cve
cve

CVE-2020-19678

Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to...

7.5CVSS

7.2AI Score

0.002EPSS

2023-04-06 06:15 PM
13
cve
cve

CVE-2023-27100

Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web...

9.8CVSS

9.5AI Score

0.002EPSS

2023-03-22 11:15 PM
54
cve
cve

CVE-2022-40624

pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than...

9.8CVSS

9.7AI Score

0.972EPSS

2022-12-20 03:15 PM
35
cve
cve

CVE-2022-42247

pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file...

6.1CVSS

5.9AI Score

0.001EPSS

2022-10-03 04:15 PM
32
4
cve
cve

CVE-2021-20729

Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious...

6.1CVSS

6.2AI Score

0.002EPSS

2022-03-31 08:15 AM
62
cve
cve

CVE-2022-24299

Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary...

8.8CVSS

8.7AI Score

0.003EPSS

2022-03-31 08:15 AM
64
cve
cve

CVE-2022-21132

Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote authenticated attacker to lead a pfSense user to view a file outside the public...

6.5CVSS

6.1AI Score

0.001EPSS

2022-03-10 05:45 PM
72
cve
cve

CVE-2021-41282

diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...

8.8CVSS

9AI Score

0.971EPSS

2022-03-01 11:15 PM
79
cve
cve

CVE-2022-23993

/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing...

6.1CVSS

6.3AI Score

0.001EPSS

2022-01-26 07:15 PM
39
cve
cve

CVE-2020-26693

A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php...

5.4CVSS

5.2AI Score

0.001EPSS

2021-06-01 03:15 PM
20
2
cve
cve

CVE-2021-27933

pfSense 2.5.0 allows XSS via the services_wol_edit.php Description...

6.1CVSS

5.9AI Score

0.357EPSS

2021-04-28 07:15 AM
27
cve
cve

CVE-2019-18667

/usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript code on a victim...

6.1CVSS

6.4AI Score

0.001EPSS

2019-11-02 04:15 PM
124
cve
cve

CVE-2016-10709

pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to...

8.8CVSS

8.2AI Score

0.493EPSS

2018-01-22 04:29 AM
38
cve
cve

CVE-2014-4694

Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via unspecified...

5.9AI Score

0.002EPSS

2014-07-02 10:35 AM
18
cve
cve

CVE-2014-4696

Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to suricata_rules_flowbits.php or (2) the returl parameter to...

7.1AI Score

0.002EPSS

2014-07-02 10:35 AM
17
cve
cve

CVE-2014-4695

Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to snort_rules_flowbits.php or (2) the returl parameter to...

7.1AI Score

0.002EPSS

2014-07-02 10:35 AM
19
cve
cve

CVE-2014-4693

Multiple cross-site scripting (XSS) vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the eng parameter to snort_import_aliases.php or (2) unspecified variables to...

6AI Score

0.002EPSS

2014-07-02 10:35 AM
15
cve
cve

CVE-2011-4197

etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private...

7AI Score

0.014EPSS

2012-01-03 07:55 PM
18
cve
cve

CVE-2011-5047

Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in pfSense before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the style...

5.9AI Score

0.003EPSS

2012-01-03 07:55 PM
20