Summary
Detail | |||
---|---|---|---|
Vendor | Netgate | First view | 2023-02-22 |
Product | Pfsense | Last view | 2023-12-06 |
Version | 2.7.0 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:netgate:pfsense |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
8.8 | 2023-12-06 | CVE-2023-48123 | An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file. |
5.4 | 2023-11-14 | CVE-2023-42327 | Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page. |
8.8 | 2023-11-14 | CVE-2023-42326 | An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. |
5.4 | 2023-11-14 | CVE-2023-42325 | Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page. |
8.8 | 2023-03-17 | CVE-2023-27253 | A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml. |
6.1 | 2023-02-22 | CVE-2022-29273 | pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
60% (3) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
20% (1) | CWE-91 | XML Injection (aka Blind XPath Injection) |
20% (1) | CWE-77 | Improper Sanitization of Special Elements used in a Command ('Comma... |