Filtered by vendor Opnsense
Subscribe
Search
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39004 | 1 Opnsense | 1 Opnsense | 2023-08-15 | N/A | 9.8 CRITICAL |
| Insecure permissions in the configuration directory (/conf/) of OPNsense before 23.7 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation. | |||||
| CVE-2023-38997 | 1 Opnsense | 1 Opnsense | 2023-08-15 | N/A | 9.8 CRITICAL |
| A directory traversal vulnerability in the Captive Portal templates of OPNsense before 23.7 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive. | |||||
| CVE-2023-39001 | 1 Opnsense | 1 Opnsense | 2023-08-15 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the component diag_backup.php of OPNsense before 23.7 allows attackers to execute arbitrary commands via a crafted backup configuration file. | |||||
| CVE-2023-39008 | 1 Opnsense | 1 Opnsense | 2023-08-14 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense before 23.7 allows attackers to execute arbitrary system commands. | |||||
| CVE-2023-39007 | 1 Opnsense | 1 Opnsense | 2023-08-11 | N/A | 9.6 CRITICAL |
| /ui/cron/item/open in the Cron component of OPNsense before 23.7 allows XSS. | |||||