Vulnerabilities > Opnsense

DATE	CVE	VULNERABILITY TITLE	RISK
2023-08-09	CVE-2023-39004	Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation. network low complexity opnsense CWE-732 critical	9.8
2023-08-09	CVE-2023-39005	Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2. network low complexity opnsense CWE-732	7.5
2023-08-09	CVE-2023-39006	Cross-site Scripting vulnerability in Opnsense The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization. network low complexity opnsense CWE-79	5.4
2023-08-09	CVE-2023-39007	Cross-site Scripting vulnerability in Opnsense /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php. network low complexity opnsense CWE-79 critical	9.6
2023-08-09	CVE-2023-39008	Command Injection vulnerability in Opnsense A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands. network low complexity opnsense CWE-77 critical	9.8
2021-11-08	CVE-2021-42770	Cross-site Scripting vulnerability in Opnsense A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester. network low complexity opnsense CWE-79	6.1
2021-05-03	CVE-2020-23015	Open Redirect vulnerability in Opnsense An open redirect issue was discovered in OPNsense through 20.1.5. network low complexity opnsense CWE-601	6.1
2019-06-17	CVE-2018-18958	Improper Access Control vulnerability in Opnsense OPNsense 18.7.x before 18.7.7 has Incorrect Access Control. network low complexity opnsense CWE-284	6.5
2019-05-20	CVE-2019-11816	Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request. network low complexity netgate opnsense	7.2

Vulnerabilities > Opnsense {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Opnsense"}]}

Vulnerabilities > Opnsense