Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opnsense opnsense vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-38997
A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to execute arbitrary system commands as root via a crafted ZIP archive.
Opnsense Opnsense
NA
CVE-2023-38998
An open redirect in the Login page of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to redirect a victim user to an arbitrary web site via a crafted URL.
Opnsense Opnsense
NA
CVE-2023-38999
A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to cause a Denial of Service (DoS) via a crafted GET request.
Opnsense Opnsense
NA
CVE-2023-39000
A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to inject arbitrary JavaScript via the URL path.
Opnsense Opnsense
NA
CVE-2023-39001
A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to execute arbitrary commands via a crafted backup configuration file.
Opnsense Opnsense
NA
CVE-2023-39002
A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Opnsense Opnsense
NA
CVE-2023-39003
OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 exists to contain insecure permissions in the directory /tmp.
Opnsense Opnsense
NA
CVE-2023-39004
Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allow malicious users to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.
Opnsense Opnsense
NA
CVE-2023-39005
Insecure permissions exist for configd.socket in OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2.
Opnsense Opnsense
NA
CVE-2023-39006
The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 mishandles input sanitization.
Opnsense Opnsense
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »