CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-48123
https://notcve.org/view.php?id=CVE-2023-48123
An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file. Un problema en Netgate pfSense Plus v.23.05.1 y anteriores y pfSense CE v.2.7.0 permite a un atacante remoto ejecutar código arbitrario a través de una solicitud manipulada al archivo packet_capture.php. • https://github.com/NHPT/CVE-2023-48123 https://docs.netgate.com/downloads/pfSense-SA-23_11.webgui.asc https://github.com/pfsense/pfsense/commit/f72618c4abb61ea6346938d0c93df9078736b775 https://redmine.pfsense.org/issues/14809 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-42326
https://notcve.org/view.php?id=CVE-2023-42326
An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. Un problema en Netgate pfSense v.2.7.0 permite a un atacante remoto ejecutar código arbitrario a través de una solicitud manipulada a los componentes interfaces_gif_edit.php e interfaces_gre_edit.php. • https://docs.netgate.com/downloads/pfSense-SA-23_10.webgui.asc https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29273
https://notcve.org/view.php?id=CVE-2022-29273
pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters. • https://docs.netgate.com/downloads/pfSense-SA-22_05.webgui.asc https://docs.netgate.com/pfsense/en/latest/releases/index.html#current-and-upcoming-supported-releases https://redmine.pfsense.org/issues/13060 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-26019
https://notcve.org/view.php?id=CVE-2022-26019
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution. Una vulnerabilidad de control de acceso inapropiado en pfSense CE y pfSense Plus (versiones de software de pfSense CE anteriores a 2.6.0 y versiones de software de pfSense Plus anteriores a 22.01) permite que un atacante remoto con el privilegio de cambiar la configuración del GPS NTP reescriba los archivos existentes en el sistema de archivos, lo que puede resultar en una ejecución de un comando arbitrario • https://docs.netgate.com/downloads/pfSense-SA-22_01.webgui.asc https://jvn.jp/en/jp/JVN87751554/index.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24299
https://notcve.org/view.php?id=CVE-2022-24299
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command. Una vulnerabilidad de comprobación de entrada inapropiada en pfSense CE y pfSense Plus (versiones de software de pfSense CE anteriores a 2.6.0 y versiones de software de pfSense Plus anteriores a 22.01) permite a un atacante remoto con el privilegio de cambiar la configuración del cliente o del servidor OpenVPN ejecutar un comando arbitrario • https://docs.netgate.com/downloads/pfSense-SA-22_03.webgui.asc https://jvn.jp/en/jp/JVN87751554/index.html • CWE-20: Improper Input Validation •