Vulnerabilities > Netgate
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-18 | CVE-2023-48795 | Improper Validation of Integrity Check Value vulnerability in multiple products The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. network high complexity openbsd putty filezilla-project microsoft panic roumenpetrov winscp bitvise lancom-systems vandyke libssh net-ssh ssh2-project proftpd freebsd crates tera-term-project oryx-embedded crushftp netsarang paramiko redhat golang russh-project sftpgo-project erlang matez libssh2 asyncssh-project dropbear-ssh-project jadaptive ssh thorntech netgate connectbot apache tinyssh trilead kitty-project gentoo CWE-354 | 5.9 |
| 2023-12-06 | CVE-2023-48123 | Unspecified vulnerability in Netgate Pfsense and Pfsense Plus An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file. | 8.8 |
| 2023-11-14 | CVE-2023-42326 | Command Injection vulnerability in Netgate Pfsense and Pfsense Plus An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. | 8.8 |
| 2023-11-14 | CVE-2023-42325 | Cross-site Scripting vulnerability in Netgate Pfsense 2.7.0 Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page. | 5.4 |
| 2023-11-14 | CVE-2023-42327 | Cross-site Scripting vulnerability in Netgate Pfsense 2.7.0 Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page. | 5.4 |
| 2023-03-17 | CVE-2023-27253 | XML Injection (aka Blind XPath Injection) vulnerability in Netgate Pfsense 2.7.0 A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml. | 8.8 |
| 2023-02-22 | CVE-2022-29273 | Cross-site Scripting vulnerability in Netgate Pfsense pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters. | 6.1 |
| 2022-12-15 | CVE-2020-21219 | Cross-site Scripting vulnerability in Netgate Acme and Pfsense Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package. | 6.1 |
| 2022-09-05 | CVE-2022-31814 | OS Command Injection vulnerability in Netgate Pfblockerng 2.1.426 pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. | 9.8 |
| 2022-03-31 | CVE-2021-20729 | Cross-site Scripting vulnerability in multiple products Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL. | 4.3 |