6 matches found

Added 2019/09/26 6:15 p.m. | 119 views

CVE-2019-16915

An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents.

CVSS 9.8 | AI score 9.3 | EPSS 0.01406
Added 2019/09/26 6:15 p.m. | 101 views

CVE-2019-16914

An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization.

CVSS 6.1 | AI score 5.9 | EPSS 0.0094
Added 2019/06/03 3:29 a.m. | 73 views

CVE-2019-12585

Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.

CVSS 9.8 | AI score 9.6 | EPSS 0.09797
Added 2019/09/25 4:15 p.m. | 63 views

CVE-2019-16701

pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.

CVSS 9 | AI score 8.9 | EPSS 0.20446
Added 2019/05/20 10:29 p.m. | 56 views

CVE-2019-11816

Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request.

CVSS 7.2 | AI score 6.8 | EPSS 0.02128
Added 2019/06/03 3:29 a.m. | 53 views

CVE-2019-12584

Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php.

CVSS 6.1 | AI score 6.2 | EPSS 0.03889