CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-48123
https://notcve.org/view.php?id=CVE-2023-48123
An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file. Un problema en Netgate pfSense Plus v.23.05.1 y anteriores y pfSense CE v.2.7.0 permite a un atacante remoto ejecutar código arbitrario a través de una solicitud manipulada al archivo packet_capture.php. • https://github.com/NHPT/CVE-2023-48123 https://docs.netgate.com/downloads/pfSense-SA-23_11.webgui.asc https://github.com/pfsense/pfsense/commit/f72618c4abb61ea6346938d0c93df9078736b775 https://redmine.pfsense.org/issues/14809 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-42326
https://notcve.org/view.php?id=CVE-2023-42326
An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. Un problema en Netgate pfSense v.2.7.0 permite a un atacante remoto ejecutar código arbitrario a través de una solicitud manipulada a los componentes interfaces_gif_edit.php e interfaces_gre_edit.php. • https://docs.netgate.com/downloads/pfSense-SA-23_10.webgui.asc https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-19678
https://notcve.org/view.php?id=CVE-2020-19678
Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php. • http://www.2ngon.com/2015/01/lfi-vulnerability-suricata-146-pkg-v101.html https://github.com/pfsense/pfsense-packages/commit/59ed3438729fd56452f58a0f79f0c288db982ac3 https://pastebin.com/8dj59053 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2020-21487
https://notcve.org/view.php?id=CVE-2020-21487
Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acme_certificates.php. • https://github.com/pfsense/FreeBSD-ports/commit/a6f443cde51e7fcf17e51f16014d3589253284d8 https://redmine.pfsense.org/issues/9888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29273
https://notcve.org/view.php?id=CVE-2022-29273
pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters. • https://docs.netgate.com/downloads/pfSense-SA-22_05.webgui.asc https://docs.netgate.com/pfsense/en/latest/releases/index.html#current-and-upcoming-supported-releases https://redmine.pfsense.org/issues/13060 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •