Vulmon
opnsense opnsense vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-27152
DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing malicious users to perform a brute-force attack to bypass authentication.
Opnsense Opnsense 23.1
9.8
CVSSv3
CVE-2023-39001
A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to execute arbitrary commands via a crafted backup configuration file.
Opnsense Opnsense
9.8
CVSSv3
CVE-2023-39004
Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allow malicious users to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.
Opnsense Opnsense
9.8
CVSSv3
CVE-2023-39008
A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to execute arbitrary system commands.
Opnsense Opnsense
9.6
CVSSv3
CVE-2023-39007
/ui/cron/item/open in the Cron component of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php.
Opnsense Opnsense
8.8
CVSSv3
CVE-2017-1000479
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of...
Opnsense Project Opnsense
Netgate Pfsense
7.5
CVSSv3
CVE-2023-39003
OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 contain insecure permissions in the directory /tmp.
Opnsense Opnsense
7.5
CVSSv3
CVE-2023-39005
Insecure permissions exist for configd.socket in OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2.
Opnsense Opnsense
7.2
CVSSv3
CVE-2023-38997
A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition prior to 23.7 and Business Edition prior to 23.4.2 allows malicious users to execute arbitrary system commands as root via a crafted ZIP archive.
Opnsense Opnsense
7.2
CVSSv3
CVE-2019-11816
Incorrect access control in the WebUI in OPNsense before version 19.1.8 and pfSense prior to 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request.
Netgate Pfsense 2.4.4
Netgate Pfsense
Opnsense Opnsense