Latest netgate pfsense plus Vulnerabilities

● CVE-2023-48795

Prefix Truncation Attacks in SSH Specification (Terrapin Attack)

pip/paramiko>=2.5.0<3.4.0

go/golang.org/x/crypto<0.17.0

rust/russh<0.40.2

Apple macOS Sonoma<14.4

Openbsd Openssh<9.6

Putty Putty<0.80

and 128 more

● CVE-2023-42326

An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components.

Netgate pfSense<=2.7.0

Netgate pfSense Plus<=23.05.1

pfSense pfSense=2.7.0

pfSense pfSense Plus=23.05.01

● CVE-2023-27100

Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force prot...

Netgate pfSense Plus=22.05.1

pfSense pfSense=2.6.0

● CVE-2022-26019

Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the p...

Netgate pfSense<2.6.0

Netgate pfSense Plus<22.01

● CVE-2021-20729

Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inj...

Netgate pfSense Plus<=21.05

pfSense pfSense<=2.5.2

● CVE-2022-24299

Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the...

Netgate pfSense<2.6.0

Netgate pfSense Plus<22.01

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.