Vulnerabilities > Netgate > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-06 | CVE-2023-48123 | Unspecified vulnerability in Netgate Pfsense and Pfsense Plus An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file. | 8.8 |
| 2023-11-14 | CVE-2023-42326 | Command Injection vulnerability in Netgate Pfsense and Pfsense Plus An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. | 8.8 |
| 2023-03-17 | CVE-2023-27253 | XML Injection (aka Blind XPath Injection) vulnerability in Netgate Pfsense 2.7.0 A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml. | 8.8 |
| 2022-03-31 | CVE-2022-26019 | Path Traversal vulnerability in Netgate Pfsense and Pfsense Plus Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution. | 8.8 |
| 2019-09-26 | CVE-2019-16915 | Improper Input Validation vulnerability in Netgate Pfsense An issue was discovered in pfSense through 2.4.4-p3. | 7.5 |
| 2019-06-03 | CVE-2019-12585 | OS Command Injection vulnerability in multiple products Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php. | 7.5 |
| 2015-02-27 | CVE-2015-1414 | Remote Denial of Service vulnerability in FreeBSD Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. | 7.8 |