Netgate

Pfsense Plus

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-54780

Exploit
  • EPSS 0.72%
  • Veröffentlicht 14.05.2025 00:00:00
  • Zuletzt bearbeitet 13.06.2025 13:03:51

Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacke...

5.4

CVE-2024-54779

Exploit
  • EPSS 0.01%
  • Veröffentlicht 14.05.2025 00:00:00
  • Zuletzt bearbeitet 23.06.2025 14:51:38

Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross Site Scripting (XSS) in widgets/log.widget.php.

5.4

CVE-2024-57273

Exploit
  • EPSS 0.13%
  • Veröffentlicht 14.05.2025 00:00:00
  • Zuletzt bearbeitet 23.06.2025 14:50:34

Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross-site scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote attackers to execute arbitrary JavaScript, delete backups,...

5.9

CVE-2023-48795

Medienbericht Exploit
  • EPSS 64.06%
  • Veröffentlicht 18.12.2023 16:15:10
  • Zuletzt bearbeitet 29.09.2025 21:56:10

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client a...

8.8

CVE-2023-48123

  • EPSS 65.33%
  • Veröffentlicht 06.12.2023 20:15:07
  • Zuletzt bearbeitet 21.11.2024 08:31:07

An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file.

8.8

CVE-2023-42326

  • EPSS 83.32%
  • Veröffentlicht 14.11.2023 05:15:08
  • Zuletzt bearbeitet 21.11.2024 08:22:26

An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components.

9.8

CVE-2023-27100

  • EPSS 3.45%
  • Veröffentlicht 22.03.2023 23:15:12
  • Zuletzt bearbeitet 25.02.2025 22:15:14

Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.

6.1

CVE-2021-20729

  • EPSS 0.3%
  • Veröffentlicht 31.03.2022 08:15:08
  • Zuletzt bearbeitet 21.11.2024 05:47:05

Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL.

8.8

CVE-2022-24299

  • EPSS 0.22%
  • Veröffentlicht 31.03.2022 08:15:08
  • Zuletzt bearbeitet 21.11.2024 06:50:07

Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server sett...

8.8

CVE-2022-26019

  • EPSS 0.25%
  • Veröffentlicht 31.03.2022 08:15:08
  • Zuletzt bearbeitet 21.11.2024 06:53:19

Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite exi...