NotCVE - vendor:"Opnsense" product:"Opnsense" version:"

Page 3 of 20 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-39003

https://notcve.org/view.php?id=CVE-2023-39003

OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp. • http://opnsense.com https://logicaltrust.net/blog/2023/08/opnsense.html • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2

CVE-2023-39005

https://notcve.org/view.php?id=CVE-2023-39005

Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2. • https://github.com/opnsense/core/issues/6647 https://logicaltrust.net/blog/2023/08/opnsense.html • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-39008

https://notcve.org/view.php?id=CVE-2023-39008

A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands. • https://github.com/opnsense/core/commit/e800097d0c287bb665f0751a98a67c75ef7b45e5 https://logicaltrust.net/blog/2023/08/opnsense.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-38999

https://notcve.org/view.php?id=CVE-2023-38999

A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. • https://github.com/opnsense/core/commit/5d68f43d1f254144831881fc87d885eed120cf3c https://logicaltrust.net/blog/2023/08/opnsense.html • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.6EPSS: 3%CPEs: 1EXPL: 1

CVE-2023-39007

https://notcve.org/view.php?id=CVE-2023-39007

/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php. • https://github.com/opnsense/core/commit/5edff49db1cd8b5078611e2f542d91c02af2b25c https://github.com/opnsense/core/compare/23.1.11...23.7 https://logicaltrust.net/blog/2023/08/opnsense.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3 4