Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opnsense opnsense vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2018-18958
OPNsense 18.7.x prior to 18.7.7 has Incorrect Access Control.
Opnsense Opnsense
NA
CVE-2023-38997
A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to execute arbitrary system commands as root via a crafted ZIP archive.
Opnsense Opnsense
NA
CVE-2023-38998
An open redirect in the Login page of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to redirect a victim user to an arbitrary web site via a crafted URL.
Opnsense Opnsense
NA
CVE-2023-38999
A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to cause a Denial of Service (DoS) via a crafted GET request.
Opnsense Opnsense
NA
CVE-2023-39000
A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to inject arbitrary JavaScript via the URL path.
Opnsense Opnsense
NA
CVE-2023-39001
A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to execute arbitrary commands via a crafted backup configuration file.
Opnsense Opnsense
NA
CVE-2023-39002
A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Opnsense Opnsense
NA
CVE-2023-39003
OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 exists to contain insecure permissions in the directory /tmp.
Opnsense Opnsense
NA
CVE-2023-39004
Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allow malicious users to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.
Opnsense Opnsense
NA
CVE-2023-39005
Insecure permissions exist for configd.socket in OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2.
Opnsense Opnsense
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »