Lucene search
K
NetgatePfsense Plus

10 matches found

CVE
CVE
added 2023/12/18 12:0 a.m.4928 views

CVE-2023-48795

CVE-2023-48795 is referenced across several connected advisories, detailing affected packages and required upgrades. Astra Linux/CBL-Mariner entries note: podman (<5.6.1-2) needs upgrade, erlang (<25.2-1), libssh2 (<1.11.1-1), libssh (<0.10.6-1), terraform (<1.3.2-25), kubevirt (&l...

5.9CVSS6.7AI score0.93305EPSS
CVE
CVE
added 2023/03/22 12:0 a.m.175 views

CVE-2023-27100

The CVE affects Netgate pfSense Plus v22.05.1 and pfSense CE v2.6.0, where the SSHGuard anti-brute force protection can be bypassed via crafted web requests due to an improper restriction of excessive authentication attempts. Public details in connected documents confirm the affected versions and...

9.8CVSS9.5AI score0.09844EPSS
Web
CVE
CVE
added 2025/05/14 12:0 a.m.122 views

CVE-2024-54779

CVE-2024-54779 affects Netgate pfSense CE and corresponding Plus builds before 2.8.0 beta, with a Cross Site Scripting (XSS) flaw in widgets/log.widget.php. Root cause: input handling in that widget allows injected script. Impact per sources is XSS risk; no exploitation details are provided in th...

5.4CVSS6.1AI score0.03737EPSS
CVE
CVE
added 2025/05/14 12:0 a.m.102 views

CVE-2024-57273

CVE-2024-57273 affects Netgate pfSense CE and Plus builds older than pfSense 2.8.0 beta, with a stored/reflected XSS in the Automatic Configuration Backup (ACB) service. The unsanitized Reason field (and a derivable device key from the public SSH key) enables remote attacker JavaScript execution,...

5.4CVSS6.3AI score0.01181EPSS
CVE
CVE
added 2022/03/31 7:21 a.m.98 views

CVE-2022-24299

The CVE-2022-24299 issue affects pfSense CE (versions prior to 2.6.0) and pfSense Plus (prior to 22.01); it is an Improper Input Validation vulnerability that lets a privileged attacker who can modify OpenVPN client/server settings execute arbitrary commands. This is documented across multiple so...

8.8CVSS8.7AI score0.01857EPSS
CVE
CVE
added 2022/03/31 7:21 a.m.92 views

CVE-2022-26019

The CVE-2022-26019 issue affects pfSense CE/Plus: pfSense CE before 2.6.0 and pfSense Plus before 22.01. The root cause is improper access control that lets a remote attacker with privilege to modify NTP GPS settings rewrite files on the filesystem, potentially enabling arbitrary command executio...

8.8CVSS8.8AI score0.04229EPSS
CVE
CVE
added 2022/03/31 7:20 a.m.91 views

CVE-2021-20729

The CVE-2021-20729 entry concerns a Cross-site scripting (XSS) vulnerability in pfSense CE (versions <= 2.5.2) and pfSense Plus (versions

6.1CVSS6.2AI score0.02767EPSS
CVE
CVE
added 2023/12/06 12:0 a.m.78 views

CVE-2023-48123

CVE-2023-48123 : An issue in Netgate pfSense Plus v.23.05.1 and earlier and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file. The NVD and OSV entries describe it as a remote, unauthenticated code execution with network acce...

8.8CVSS8.8AI score0.67848EPSS
CVE
CVE
added 2025/05/14 12:0 a.m.77 views

CVE-2024-54780

CVE-2024-54780 affects Netgate pfSense CE (prior to 2.8.0 beta) and corresponding Plus builds. The vulnerability is a command-injection flaw in the OpenVPN widget caused by improper sanitization of user-supplied input to the OpenVPN management interface, enabling an authenticated attacker to inje...

8.8CVSS7.6AI score0.11991EPSS
CVE
CVE
added 2023/11/14 12:0 a.m.59 views

CVE-2023-42326

pfSense 2.7.0 contains a remote code execution flaw via crafted requests to interfaces_gif_edit.php and interfaces_gre_edit.php due to lack of input validation. The issue allows an authenticated attacker to execute arbitrary commands. PoCs/escalation tools exist (GitHub PoCs) and show command inj...

8.8CVSS8.8AI score0.64021EPSS