Filtered by vendor Opnsense
Subscribe
Total
30 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39001 | 1 Opnsense | 1 Opnsense | 2024-11-21 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file. | |||||
| CVE-2023-39000 | 1 Opnsense | 1 Opnsense | 2024-11-21 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject arbitrary JavaScript via the URL path. | |||||
| CVE-2023-38999 | 1 Opnsense | 1 Opnsense | 2024-11-21 | N/A | 6.5 MEDIUM |
| A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2023-38998 | 1 Opnsense | 1 Opnsense | 2024-11-21 | N/A | 6.1 MEDIUM |
| An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL. | |||||
| CVE-2023-38997 | 1 Opnsense | 1 Opnsense | 2024-11-21 | N/A | 7.2 HIGH |
| A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive. | |||||
| CVE-2023-27152 | 1 Opnsense | 1 Opnsense | 2024-11-21 | N/A | 9.8 CRITICAL |
| DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication. | |||||
| CVE-2021-42770 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester. | |||||
| CVE-2020-23015 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter "url" in login page was not filtered and can redirect user to any website. | |||||
| CVE-2019-11816 | 2 Netgate, Opnsense | 2 Pfsense, Opnsense | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request. | |||||
| CVE-2018-18958 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| OPNsense 18.7.x before 18.7.7 has Incorrect Access Control. | |||||