CVSS: 9.0EPSS: 55%CPEs: 2EXPL: 2CVE-2023-48123
https://notcve.org/view.php?id=CVE-2023-48123
06 Dec 2023 — An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file. Un problema en Netgate pfSense Plus v.23.05.1 y anteriores y pfSense CE v.2.7.0 permite a un atacante remoto ejecutar código arbitrario a través de una solicitud manipulada al archivo packet_capture.php. • https://github.com/NHPT/CVE-2023-48123 •
CVSS: 5.5EPSS: 48%CPEs: 1EXPL: 1CVE-2023-42325
https://notcve.org/view.php?id=CVE-2023-42325
14 Nov 2023 — Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page. La vulnerabilidad de Cross Site Scripting (XSS) en Netgate pfSense v.2.7.0 permite a un atacante remoto obtener privilegios a través de una URL manipulada para la página status_logs_filter_dynamic.php. • https://docs.netgate.com/downloads/pfSense-SA-23_09.webgui.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 83%CPEs: 2EXPL: 2CVE-2023-42326
https://notcve.org/view.php?id=CVE-2023-42326
14 Nov 2023 — An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. Un problema en Netgate pfSense v.2.7.0 permite a un atacante remoto ejecutar código arbitrario a través de una solicitud manipulada a los componentes interfaces_gif_edit.php e interfaces_gre_edit.php. • https://github.com/bl4ckarch/CVE-2023-42326 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.5EPSS: 48%CPEs: 1EXPL: 1CVE-2023-42327
https://notcve.org/view.php?id=CVE-2023-42327
14 Nov 2023 — Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page. La vulnerabilidad de Cross Site Scripting (XSS) en Netgate pfSense v.2.7.0 permite a un atacante remoto obtener privilegios a través de una URL manipulada para la página getserviceproviders.php. • https://docs.netgate.com/downloads/pfSense-SA-23_08.webgui.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 78%CPEs: 1EXPL: 2CVE-2023-27253 – pfSense v2.7.0 - OS Command Injection
https://notcve.org/view.php?id=CVE-2023-27253
17 Mar 2023 — A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml. • https://packetstorm.news/files/id/173487 • CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 6.4EPSS: 45%CPEs: 2EXPL: 0CVE-2022-29273
https://notcve.org/view.php?id=CVE-2022-29273
22 Feb 2023 — pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters. • https://docs.netgate.com/downloads/pfSense-SA-22_05.webgui.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •