Known Vulnerabilities for products from Pfsense
Listed below are 16 of the newest known vulnerabilities associated with the vendor "Pfsense".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-23993 | /usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_filter'] in a PHP echo call. | 6.1 - MEDIUM | 2022-01-26 | 2022-04-29 |
| CVE-2021-41282 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-03-01 | 2022-07-12 |
| CVE-2021-27933 | pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field. | 6.1 - MEDIUM | 2021-04-28 | 2021-05-01 |
| CVE-2021-20729 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-03-31 | 2022-04-08 |
| CVE-2020-26693 | A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker t... | 5.4 - MEDIUM | 2021-06-01 | 2021-06-09 |
| CVE-2020-19678 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-04-06 | 2023-04-18 |
| CVE-2020-19203 | An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of... | 5.4 - MEDIUM | 2021-07-12 | 2022-05-13 |
| CVE-2020-19201 | A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGU... | 5.4 - MEDIUM | 2021-07-12 | 2021-09-14 |
| CVE-2019-18667 | /usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user wit... | 6.1 - MEDIUM | 2019-11-02 | 2019-11-07 |
| CVE-2016-10709 | pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_g... | 8.8 - HIGH | 2018-01-22 | 2018-02-09 |
| CVE-2014-4696 | Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers ... | 5.8 - MEDIUM | 2014-07-02 | 2019-05-30 |
| CVE-2014-4695 | Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to... | 5.8 - MEDIUM | 2014-07-02 | 2019-05-30 |
| CVE-2014-4694 | Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfS... | 4.3 - MEDIUM | 2014-07-02 | 2019-05-30 |
| CVE-2014-4693 | Multiple cross-site scripting (XSS) vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote... | 4.3 - MEDIUM | 2014-07-02 | 2019-05-30 |
| CVE-2011-5047 | Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in pfSense before 2.0.1 allows remote attackers to inject ar... | 4.3 - MEDIUM | 2012-01-03 | 2017-08-29 |
| CVE-2011-4197 | etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the ... | 7.5 - HIGH | 2012-01-03 | 2017-08-29 |
Known software with vulnerabilities from Pfsense
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Pfsense | Pfsense | 1.2 |
| Application | Pfsense | Pfsense-pkg-freeradius3 | 0.15.7_3 |
| Application | Pfsense | Snort Package | 3.0.12 |
| Application | Pfsense | Suricata Package | 1.0.5 |