Pfsense

pfsense

Vendor: Pfsense • 24 CVEs

CVEs (24)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-27933 1Pfsense 1Pfsense Nov 21, 2024 Apr 28, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field.
CVE-2016-10709 1Pfsense 1Pfsense Nov 21, 2024 Jan 22, 2018 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '\|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
CVE-2011-5047 1Pfsense 1Pfsense Apr 29, 2026 Jan 3, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in pfSense before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the style parameter.
CVE-2011-4197 1Pfsense 1Pfsense Apr 29, 2026 Jan 3, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary sub...Show more etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key.Show less