Vulnerabilities > Opnsense > Opnsense > 18.7.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-09 | CVE-2023-39005 | Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2. | 7.5 |
| 2023-08-09 | CVE-2023-39006 | Cross-site Scripting vulnerability in Opnsense The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization. | 5.4 |
| 2023-08-09 | CVE-2023-39007 | Cross-site Scripting vulnerability in Opnsense /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php. | 9.6 |
| 2023-08-09 | CVE-2023-39008 | Command Injection vulnerability in Opnsense A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands. | 9.8 |
| 2021-11-08 | CVE-2021-42770 | Cross-site Scripting vulnerability in Opnsense A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester. | 4.3 |
| 2021-05-03 | CVE-2020-23015 | Open Redirect vulnerability in Opnsense An open redirect issue was discovered in OPNsense through 20.1.5. | 5.8 |
| 2019-06-17 | CVE-2018-18958 | Improper Access Control vulnerability in Opnsense OPNsense 18.7.x before 18.7.7 has Incorrect Access Control. | 4.0 |
| 2019-05-20 | CVE-2019-11816 | Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request. | 6.5 |