Vulnerabilities > Opnsense > Opnsense > 19.7.8

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-08-09 | CVE-2023-39005 | Incorrect Permission Assignment for Critical Resource vulnerability in OPNsense | Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2. | network; low complexity; opnsense; CWE-732; 7.5 |
| 2023-08-09 | CVE-2023-39006 | Cross-site Scripting vulnerability in OPNsense | The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization. | network; low complexity; opnsense; CWE-79; 5.4 |
| 2023-08-09 | CVE-2023-39007 | Cross-site Scripting vulnerability in OPNsense | /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php. | network; low complexity; opnsense; CWE-79; critical; 9.6 |
| 2023-08-09 | CVE-2023-39008 | Command Injection vulnerability in OPNsense | A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands. | network; low complexity; opnsense; CWE-77; critical; 9.8 |
| 2021-05-03 | CVE-2020-23015 | Open Redirect vulnerability in OPNsense | An open redirect issue was discovered in OPNsense through 20.1.5. | network; opnsense; CWE-601; 5.8 |