This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Pfsense
Product: Pfsense
Version: 1.0.x
First view: 2012-01-03
Last view: 2022-03-31
Type: Application
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *

CPE Product: cpe:2.3:a:pfsense:pfsense

Activity : Overall

Related : CVE

  Date Alert Description
6.1 2022-03-31 CVE-2021-20729

Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL.

6.1 2022-01-26 CVE-2022-23993

/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS.

8.8 2018-01-21 CVE-2016-10709

pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.

4.3 2012-01-03 CVE-2011-5047

Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in pfSense before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the style parameter.

7.5 2012-01-03 CVE-2011-4197

etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key.

CWE : Common Weakness Enumeration

% id Name
60% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
20% (1) CWE-264 Permissions, Privileges, and Access Controls
20% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...

Open Source Vulnerability Database (OSVDB)

id Description
77982 pfSense CA x.509 Certificate TRUE Arbitrary Sub-Certificate Issuing Weakness
77981 pfSense status_rrd_graph.php style Parameter XSS