This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Netgate First view 2023-02-22
Product Pfsense Last view 2023-12-06
Version 2.7.0 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:netgate:pfsense

Activity : Overall

Related : CVE

  Date Alert Description
8.8 2023-12-06 CVE-2023-48123

An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file.
5.4 2023-11-14 CVE-2023-42327

Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page.
8.8 2023-11-14 CVE-2023-42326

An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components.
5.4 2023-11-14 CVE-2023-42325

Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page.
8.8 2023-03-17 CVE-2023-27253

A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.
6.1 2023-02-22 CVE-2022-29273

pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters.

CWE : Common Weakness Enumeration

%idName
60% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
20% (1) CWE-91 XML Injection (aka Blind XPath Injection)
20% (1) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...