Vulnerabilities > Opnsense > High

DATE CVE VULNERABILITY TITLE RISK
2023-08-09 CVE-2023-38997 Path Traversal vulnerability in Opnsense
A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive.
network
low complexity
opnsense CWE-22
7.2
2023-08-09 CVE-2023-39003 Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense
OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp.
network
low complexity
opnsense CWE-732
7.5
2023-08-09 CVE-2023-39005 Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense
Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2.
network
low complexity
opnsense CWE-732
7.5
2019-05-20 CVE-2019-11816 Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request.
network
low complexity
netgate opnsense
7.2