Vulnerabilities > Netgate

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-48795 Improper Validation of Integrity Check Value vulnerability in multiple products
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack.
5.9
2023-12-06 CVE-2023-48123 Unspecified vulnerability in Netgate Pfsense and Pfsense Plus
An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file.
network
low complexity
netgate
8.8
2023-11-14 CVE-2023-42326 Command Injection vulnerability in Netgate Pfsense and Pfsense Plus
An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components.
network
low complexity
netgate CWE-77
8.8
2023-11-14 CVE-2023-42325 Cross-site Scripting vulnerability in Netgate Pfsense 2.7.0
Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page.
network
low complexity
netgate CWE-79
5.4
2023-11-14 CVE-2023-42327 Cross-site Scripting vulnerability in Netgate Pfsense 2.7.0
Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page.
network
low complexity
netgate CWE-79
5.4
2023-03-17 CVE-2023-27253 XML Injection (aka Blind XPath Injection) vulnerability in Netgate Pfsense 2.7.0
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.
network
low complexity
netgate CWE-91
8.8
2023-02-22 CVE-2022-29273 Cross-site Scripting vulnerability in Netgate Pfsense
pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters.
network
low complexity
netgate CWE-79
6.1
2022-12-15 CVE-2020-21219 Cross-site Scripting vulnerability in Netgate Acme and Pfsense
Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package.
network
low complexity
netgate CWE-79
6.1
2022-09-05 CVE-2022-31814 OS Command Injection vulnerability in Netgate Pfblockerng 2.1.426
pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header.
network
low complexity
netgate CWE-78
critical
9.8
2022-03-31 CVE-2021-20729 Cross-site Scripting vulnerability in multiple products
Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL.
4.3