CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 4CVE-2023-27100 – pfsenseCE v2.6.0 - Anti-brute force protection bypass
https://notcve.org/view.php?id=CVE-2023-27100
22 Mar 2023 — Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests. pfsenseCE version 2.6.0 suffers from an anti-brute force protection bypass vulnerability. • https://packetstorm.news/files/id/171791 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20729
https://notcve.org/view.php?id=CVE-2021-20729
31 Mar 2022 — Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL. Una vulnerabilidad de tipo cross-site scripting en pfSense CE y pfSense Plus (software pfSense CE versiones 2.5.2 y anteriores, y software pfSense Plus versiones 21.05 y anteriores) permite a un atacante remoto inyectar un script arbitrario por medio de una URL malic... • https://docs.netgate.com/downloads/pfSense-SA-21_02.captiveportal.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23993
https://notcve.org/view.php?id=CVE-2022-23993
26 Jan 2022 — /usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS. /usr/local/www/pkg.php en pfSense CE antes de 2.6.0 y pfSense Plus antes de 22.01 utiliza $_REQUEST['pkg_filter'] en una llamada de eco de PHP, lo que provoca XSS • https://docs.netgate.com/downloads/pfSense-SA-22_04.webgui.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •