Vulnerabilities > Netgate > Pfsense > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-06 CVE-2023-48123 Unspecified vulnerability in Netgate Pfsense and Pfsense Plus
An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file.
network
low complexity
netgate
8.8
2023-11-14 CVE-2023-42326 Command Injection vulnerability in Netgate Pfsense and Pfsense Plus
An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components.
network
low complexity
netgate CWE-77
8.8
2023-03-17 CVE-2023-27253 XML Injection (aka Blind XPath Injection) vulnerability in Netgate Pfsense 2.7.0
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.
network
low complexity
netgate CWE-91
8.8
2022-03-31 CVE-2022-26019 Path Traversal vulnerability in Netgate Pfsense and Pfsense Plus
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution.
network
low complexity
netgate CWE-22
8.8
2019-09-26 CVE-2019-16915 Improper Input Validation vulnerability in Netgate Pfsense
An issue was discovered in pfSense through 2.4.4-p3.
network
low complexity
netgate CWE-20
7.5
2019-06-03 CVE-2019-12585 OS Command Injection vulnerability in multiple products
Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.
network
low complexity
apcupsd netgate CWE-78
7.5
2015-02-27 CVE-2015-1414 Remote Denial of Service vulnerability in FreeBSD
Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10.
network
low complexity
netgate debian freebsd
7.8