Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pfsense vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-12347
In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. The vulnerability occurs due to input validation errors.
Netgate Pfsense 2.4.4
1 EDB exploit
5
CVSSv2
CVE-2018-20798
The expiretable configuration in pfSense 2.4.4_1 establishes block durations that are incompatible with the block durations implemented by sshguard, which might make it easier for malicious users to bypass intended access restrictions.
Netgate Pfsense 2.4.4
5
CVSSv2
CVE-2018-20799
In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for ...
Netgate Pfsense 2.4.4
6.5
CVSSv2
CVE-2018-4021
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to s...
Netgate Pfsense 2.4.4
6.8
CVSSv2
CVE-2017-1000479
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of...
Opnsense Project Opnsense
Netgate Pfsense
NA
CVE-2020-21219
Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote malicious users to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package.
Netgate Pfsense 2.4.4
Netgate Acme 0.6.3
7.8
CVSSv2
CVE-2015-1414
Integer overflow in FreeBSD prior to 8.4 p24, 9.x prior to 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote malicious users to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory...
Netgate Pfsense 2.2.1
Debian Debian Linux 7.0
Freebsd Freebsd 8.4
Freebsd Freebsd 9.0
Freebsd Freebsd 9.1
Freebsd Freebsd 9.2
Freebsd Freebsd 10.1
Freebsd Freebsd 9.3
Freebsd Freebsd 10.0
4.3
CVSSv2
CVE-2021-27933
pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field.
NA
CVE-2015-22941
pfSense version 2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
NA
CVE-2015-22952
pfSense version 2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
NEXT »