Filtered by vendor Netgate
Subscribe
Total
45 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4692 | 1 Netgate | 1 Pfsense | 2019-05-30 | 4.3 MEDIUM | N/A |
| pfSense before 2.1.4, when HTTP is used, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2014-4691 | 1 Netgate | 1 Pfsense | 2019-05-30 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in pfSense before 2.1.4 allows remote attackers to hijack web sessions via a firewall login cookie. | |||||
| CVE-2014-4689 | 1 Netgate | 1 Pfsense | 2019-05-30 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in pkg_edit.php in pfSense before 2.1.4 allows remote attackers to read arbitrary XML files via a full pathname in the xml parameter. | |||||
| CVE-2014-4688 | 1 Netgate | 1 Pfsense | 2019-05-30 | 6.5 MEDIUM | N/A |
| pfSense before 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_dns.php in a Create Alias action, (2) the smartmonemail value to diag_smart.php, or (3) the database value to status_rrd_graph_img.php. | |||||
| CVE-2019-8953 | 1 Netgate | 1 Haproxy | 2019-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php. | |||||