Vulnerabilities > Netgate > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-05 | CVE-2022-31814 | OS Command Injection vulnerability in Netgate Pfblockerng 2.1.426 pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. | 9.8 |
| 2019-09-25 | CVE-2019-16701 | OS Command Injection vulnerability in Netgate Pfsense pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value. | 9.0 |
| 2018-09-26 | CVE-2018-16055 | OS Command Injection vulnerability in Netgate Pfsense An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the variables. | 9.0 |