Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netgate vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2018-4021
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to s...
Netgate Pfsense 2.4.4
5.4
CVSSv3
CVE-2023-42325
Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote malicious user to gain privileges via a crafted url to the status_logs_filter_dynamic.php page.
Netgate Pfsense 2.7.0
5.4
CVSSv3
CVE-2023-42327
Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote malicious user to gain privileges via a crafted URL to the getserviceproviders.php page.
Netgate Pfsense 2.7.0
7.5
CVSSv3
CVE-2018-20799
In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for ...
Netgate Pfsense 2.4.4
8.8
CVSSv3
CVE-2023-27253
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated malicious users to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.
Netgate Pfsense 2.7.0
8.8
CVSSv3
CVE-2019-16667
diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing.
Netgate Pfsense 2.4.4
6.1
CVSSv3
CVE-2019-12347
In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. The vulnerability occurs due to input validation errors.
Netgate Pfsense 2.4.4
1 EDB exploit
7.5
CVSSv3
CVE-2018-20798
The expiretable configuration in pfSense 2.4.4_1 establishes block durations that are incompatible with the block durations implemented by sshguard, which might make it easier for malicious users to bypass intended access restrictions.
Netgate Pfsense 2.4.4
6.1
CVSSv3
CVE-2021-20729
Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and previous versions, and pfSense Plus software versions 21.05 and previous versions) allows a remote malicious user to inject an arbitrary script via a malicious URL.
Netgate Pfsense Plus
Pfsense Pfsense
8.8
CVSSv3
CVE-2017-1000479
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of...
Opnsense Project Opnsense
Netgate Pfsense
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »