Pfsense@* Security Vulnerabilities and Issues — Pfsense@* CVE List

Lucene search

NetgatePfsense*

4 matches found

CVE•added 2019/09/26 6:15 p.m.•120 views

CVE-2019-16915

An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents.

9.8CVSS9.3AI score0.02433EPSS

Web

CVE•added 2019/09/26 6:15 p.m.•102 views

CVE-2019-16914

An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization.

6.1CVSS5.9AI score0.01636EPSS

CVE•added 2019/06/03 3:29 a.m.•75 views

CVE-2019-12585

Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.

9.8CVSS9.6AI score0.11683EPSS

CVE•added 2019/06/03 3:29 a.m.•54 views

CVE-2019-12584

Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php.

6.1CVSS6.2AI score0.04715EPSS