Known Vulnerabilities for products from Netgate
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Netgate".
These CVEs are retrieved through exact matches on listed vendor information (CPE data) and through a keyword search, so that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-20729 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-03-31 | 2022-04-08 |
| CVE-2020-21487 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.6 - CRITICAL | 2023-04-04 | 2023-04-10 |
| CVE-2020-21219 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-12-15 | 2022-12-19 |
| CVE-2020-19203 | An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of... | 5.4 - MEDIUM | 2021-07-12 | 2022-05-13 |
| CVE-2020-19201 | A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGU... | 5.4 - MEDIUM | 2021-07-12 | 2021-09-14 |
| CVE-2020-11457 | pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) ... | 5.4 - MEDIUM | 2020-04-01 | 2020-04-06 |
| CVE-2020-10797 | An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. After passing i... | 6.1 - MEDIUM | 2020-04-29 | 2020-05-01 |
| CVE-2019-16915 | An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly... | 9.8 - CRITICAL | 2019-09-26 | 2021-07-21 |
| CVE-2019-16914 | An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameter... | 6.1 - MEDIUM | 2019-09-26 | 2019-09-27 |
| CVE-2019-16701 | pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php cal... | 8.8 - HIGH | 2019-09-25 | 2019-09-25 |
| CVE-2019-16667 | diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS... | 8.8 - HIGH | 2019-09-26 | 2020-07-27 |
| CVE-2019-12949 | In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a ph... | 6.1 - MEDIUM | 2019-06-25 | 2019-06-25 |
| CVE-2019-12585 | Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in... | 9.8 - CRITICAL | 2019-06-03 | 2020-08-24 |
| CVE-2019-12584 | Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php. | 6.1 - MEDIUM | 2019-06-03 | 2019-06-04 |
| CVE-2019-12347 | In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via... | 6.1 - MEDIUM | 2019-05-29 | 2019-05-30 |
| CVE-2019-11816 | Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authentica... | 7.2 - HIGH | 2019-05-20 | 2020-08-24 |
| CVE-2019-8953 | The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related... | 6.1 - MEDIUM | 2019-02-20 | 2019-03-14 |
| CVE-2018-20799 | In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking... | 7.5 - HIGH | 2019-03-01 | 2019-10-03 |
| CVE-2018-20798 | The expiretable configuration in pfSense 2.4.4_1 establishes block durations that are incompatible with the block durations i... | 7.5 - HIGH | 2019-03-01 | 2020-08-24 |
| CVE-2018-16055 | An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense befor... | 8.8 - HIGH | 2018-09-26 | 2019-10-03 |