10 matches found
CVE-2023-48795
CVE-2023-48795 is referenced across several connected advisories, detailing affected packages and required upgrades. Astra Linux/CBL-Mariner entries note: podman (<5.6.1-2) needs upgrade, erlang (<25.2-1), libssh2 (<1.11.1-1), libssh (<0.10.6-1), terraform (<1.3.2-25), kubevirt (&l...
CVE-2023-27100
The CVE affects Netgate pfSense Plus v22.05.1 and pfSense CE v2.6.0, where the SSHGuard anti-brute force protection can be bypassed via crafted web requests due to an improper restriction of excessive authentication attempts. Public details in connected documents confirm the affected versions and...
CVE-2024-54779
CVE-2024-54779 affects Netgate pfSense CE and corresponding Plus builds before 2.8.0 beta, with a Cross Site Scripting (XSS) flaw in widgets/log.widget.php. Root cause: input handling in that widget allows injected script. Impact per sources is XSS risk; no exploitation details are provided in th...
CVE-2024-57273
CVE-2024-57273 affects Netgate pfSense CE and Plus builds older than pfSense 2.8.0 beta, with a stored/reflected XSS in the Automatic Configuration Backup (ACB) service. The unsanitized Reason field (and a derivable device key from the public SSH key) enables remote attacker JavaScript execution,...
CVE-2022-24299
The CVE-2022-24299 issue affects pfSense CE (versions prior to 2.6.0) and pfSense Plus (prior to 22.01); it is an Improper Input Validation vulnerability that lets a privileged attacker who can modify OpenVPN client/server settings execute arbitrary commands. This is documented across multiple so...
CVE-2022-26019
The CVE-2022-26019 issue affects pfSense CE/Plus: pfSense CE before 2.6.0 and pfSense Plus before 22.01. The root cause is improper access control that lets a remote attacker with privilege to modify NTP GPS settings rewrite files on the filesystem, potentially enabling arbitrary command executio...
CVE-2021-20729
The CVE-2021-20729 entry concerns a Cross-site scripting (XSS) vulnerability in pfSense CE (versions <= 2.5.2) and pfSense Plus (versions
CVE-2023-48123
CVE-2023-48123 : An issue in Netgate pfSense Plus v.23.05.1 and earlier and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file. The NVD and OSV entries describe it as a remote, unauthenticated code execution with network acce...
CVE-2024-54780
CVE-2024-54780 affects Netgate pfSense CE (prior to 2.8.0 beta) and corresponding Plus builds. The vulnerability is a command-injection flaw in the OpenVPN widget caused by improper sanitization of user-supplied input to the OpenVPN management interface, enabling an authenticated attacker to inje...
CVE-2023-42326
pfSense 2.7.0 contains a remote code execution flaw via crafted requests to interfaces_gif_edit.php and interfaces_gre_edit.php due to lack of input validation. The issue allows an authenticated attacker to execute arbitrary commands. PoCs/escalation tools exist (GitHub PoCs) and show command inj...