CVSS: 9.0EPSS: 55%CPEs: 2EXPL: 2CVE-2023-48123
https://notcve.org/view.php?id=CVE-2023-48123
06 Dec 2023 — An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file. Un problema en Netgate pfSense Plus v.23.05.1 y anteriores y pfSense CE v.2.7.0 permite a un atacante remoto ejecutar código arbitrario a través de una solicitud manipulada al archivo packet_capture.php. • https://github.com/NHPT/CVE-2023-48123 •
CVSS: 9.0EPSS: 83%CPEs: 2EXPL: 2CVE-2023-42326
https://notcve.org/view.php?id=CVE-2023-42326
14 Nov 2023 — An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. Un problema en Netgate pfSense v.2.7.0 permite a un atacante remoto ejecutar código arbitrario a través de una solicitud manipulada a los componentes interfaces_gif_edit.php e interfaces_gre_edit.php. • https://github.com/bl4ckarch/CVE-2023-42326 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29975
https://notcve.org/view.php?id=CVE-2023-29975
09 Nov 2023 — An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification. Un problema descubierto en Pfsense CE versión 2.6.0 permite a los atacantes cambiar la contraseña de cualquier usuario sin verificación. • https://www.esecforte.com/cve-2023-29975-unverified-password-changed • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29974
https://notcve.org/view.php?id=CVE-2023-29974
08 Nov 2023 — An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements. Un problema descubierto en Pfsense CE versión 2.6.0 permite a los atacantes comprometer cuentas de usuario mediante requisitos de contraseña débiles. • https://www.esecforte.com/cve-2023-29974-weak-password-policy • CWE-521: Weak Password Requirements •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29973
https://notcve.org/view.php?id=CVE-2023-29973
24 Oct 2023 — Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall. Pfsense CE versión 2.6.0 es vulnerable a No rate limit, lo que puede llevar a que un atacante cree múltiples usuarios maliciosos en el firewall. • https://www.esecforte.com/cve-2023-29973-no-rate-limit • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 4CVE-2023-27100 – pfsenseCE v2.6.0 - Anti-brute force protection bypass
https://notcve.org/view.php?id=CVE-2023-27100
22 Mar 2023 — Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests. pfsenseCE version 2.6.0 suffers from an anti-brute force protection bypass vulnerability. • https://packetstorm.news/files/id/171791 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.4EPSS: 45%CPEs: 2EXPL: 0CVE-2022-29273
https://notcve.org/view.php?id=CVE-2022-29273
22 Feb 2023 — pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters. • https://docs.netgate.com/downloads/pfSense-SA-22_05.webgui.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •