Known Vulnerabilities for products from Pfsense
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Pfsense".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-29975 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2023-11-09 | 2023-11-16 |
| CVE-2023-29974 json | An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements. | 9.8 - CRITICAL | 2023-11-08 | 2023-11-16 |
| CVE-2023-29973 json | Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in fi... | 4.9 - MEDIUM | 2023-10-25 | 2023-10-31 |
| CVE-2023-27100 json | Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1... | 9.8 - CRITICAL | 2023-03-22 | 2023-04-10 |
| CVE-2022-42247 json | pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulner... | 6.1 - MEDIUM | 2022-10-03 | 2022-10-05 |
| CVE-2022-40624 json | pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host heade... | 9.8 - CRITICAL | 2022-12-20 | 2022-12-28 |
| CVE-2022-23993 json | /usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_filter'] in a PHP echo call. | 6.1 - MEDIUM | 2022-01-26 | 2022-04-29 |
| CVE-2022-21132 json | Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-... | 6.5 - MEDIUM | 2022-03-10 | 2022-03-15 |
| CVE-2021-41282 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-03-01 | 2022-07-12 |
| CVE-2021-27933 json | pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field. | 6.1 - MEDIUM | 2021-04-28 | 2021-05-01 |
| CVE-2021-20729 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-03-31 | 2022-04-08 |
| CVE-2020-26693 json | A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker t... | 5.4 - MEDIUM | 2021-06-01 | 2021-06-09 |
| CVE-2020-19678 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-04-06 | 2023-04-18 |
| CVE-2020-19203 json | An authenticated Cross-Site Scripting (XSS) vulnerability was found in widgets/widgets/wake_on_lan_widget.php, a component of... | 5.4 - MEDIUM | 2021-07-12 | 2022-05-13 |
| CVE-2020-19201 json | A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGU... | 5.4 - MEDIUM | 2021-07-12 | 2021-09-14 |
| CVE-2019-18667 json | /usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user wit... | 6.1 - MEDIUM | 2019-11-02 | 2019-11-07 |
| CVE-2016-10709 json | pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_g... | 8.8 - HIGH | 2018-01-22 | 2018-02-09 |
| CVE-2014-4696 json | Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers ... | 5.8 - MEDIUM | 2014-07-02 | 2019-05-30 |
| CVE-2014-4695 json | Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to... | 5.8 - MEDIUM | 2014-07-02 | 2019-05-30 |
| CVE-2014-4694 json | Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfS... | 4.3 - MEDIUM | 2014-07-02 | 2019-05-30 |
Known software with vulnerabilities from Pfsense
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Pfsense | Pfsense | 1.2 |
| Application | Pfsense | Pfsense-pkg-freeradius3 | 0.15.7_3 |
| Application | Pfsense | Snort Package | 3.0.12 |
| Application | Pfsense | Suricata Package | 1.0.5 |