Pfsense

22 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.02%
  • Published 09.09.2025 20:23:44
  • Last modified 10.10.2025 18:42:08

In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authent...

  • EPSS 0.02%
  • Published 09.09.2025 20:19:09
  • Last modified 10.10.2025 18:42:15

In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authent...

  • EPSS 0.04%
  • Published 09.09.2025 20:14:37
  • Last modified 17.10.2025 19:46:03

In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file ...

  • EPSS 0.03%
  • Published 09.09.2025 20:09:50
  • Last modified 10.10.2025 18:46:41

In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authent...

  • EPSS 0.02%
  • Published 09.09.2025 20:02:05
  • Last modified 10.10.2025 18:47:06

In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be save...

  • EPSS 0.04%
  • Published 09.09.2025 19:59:14
  • Last modified 20.10.2025 14:50:04

In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be rea...

  • EPSS 0.03%
  • Published 09.09.2025 19:43:30
  • Last modified 10.10.2025 18:47:46

In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated.

Exploit
  • EPSS 0.04%
  • Published 28.06.2025 00:00:00
  • Last modified 15.10.2025 20:09:46

In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, an...

  • EPSS 0.08%
  • Published 09.11.2023 22:15:10
  • Last modified 21.11.2024 07:57:43

An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification.

  • EPSS 0.27%
  • Published 08.11.2023 21:15:08
  • Last modified 21.11.2024 07:57:42

An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements.