Known Vulnerabilities for products from Netgate
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Netgate".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-48795 json | 5.9 - MEDIUM | 2023-12-18 | 2024-03-13 | |
| CVE-2023-42327 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2023-11-14 | 2023-11-16 |
| CVE-2023-42326 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-11-14 | 2023-11-17 |
| CVE-2023-42325 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2023-11-14 | 2023-11-16 |
| CVE-2023-27253 json | A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers ... | 8.8 - HIGH | 2023-03-17 | 2023-07-13 |
| CVE-2023-27100 json | Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1... | 9.8 - CRITICAL | 2023-03-22 | 2023-04-10 |
| CVE-2022-31814 json | pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacter... | 9.8 - CRITICAL | 2022-09-05 | 2023-08-08 |
| CVE-2022-29273 json | pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters. | 6.1 - MEDIUM | 2023-02-22 | 2023-04-10 |
| CVE-2022-26019 json | Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense... | 8.8 - HIGH | 2022-03-31 | 2023-08-08 |
| CVE-2022-24299 json | Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSen... | 8.8 - HIGH | 2022-03-31 | 2022-04-07 |
| CVE-2021-20729 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-03-31 | 2022-04-08 |
| CVE-2020-21487 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.6 - CRITICAL | 2023-04-04 | 2023-04-10 |
| CVE-2020-21219 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-12-15 | 2022-12-19 |
| CVE-2020-19203 json | An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of... | 5.4 - MEDIUM | 2021-07-12 | 2022-05-13 |
| CVE-2020-19201 json | A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGU... | 5.4 - MEDIUM | 2021-07-12 | 2021-09-14 |
| CVE-2020-11457 json | pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) ... | 5.4 - MEDIUM | 2020-04-01 | 2020-04-06 |
| CVE-2020-10797 json | An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. After passing i... | 6.1 - MEDIUM | 2020-04-29 | 2020-05-01 |
| CVE-2019-16915 json | An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly... | 9.8 - CRITICAL | 2019-09-26 | 2021-07-21 |
| CVE-2019-16914 json | An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameter... | 6.1 - MEDIUM | 2019-09-26 | 2019-09-27 |
| CVE-2019-16701 json | pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php cal... | 8.8 - HIGH | 2019-09-25 | 2019-09-25 |