Vulnerabilities > Opnsense > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-09 | CVE-2023-38997 | Path Traversal vulnerability in Opnsense A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive. | 7.2 |
2023-08-09 | CVE-2023-39003 | Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp. | 7.5 |
2023-08-09 | CVE-2023-39005 | Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2. | 7.5 |
2019-05-20 | CVE-2019-11816 | Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request. | 7.2 |