The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of pfSense

cybersecurity alert CVE-2019-12949

pfSense: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of pfSense, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 26/06/2019.
Identifiers: CVE-2019-12949, VIGILANCE-VUL-29628.

weakness announce CVE-2019-5597

FreeBSD: denial of service via IPv6

Synthesis of the vulnerability

An attacker can send fragmented IPv6 packets to FreeBSD, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 15/05/2019.
Identifiers: cpujul2019, CVE-2019-5597, FreeBSD-SA-19:05.pf, VIGILANCE-VUL-29304.

cybersecurity bulletin CVE-2018-12126 CVE-2018-12127 CVE-2018-12130

Intel processors: information disclosure via performance measurement

Synthesis of the vulnerability

An attacker can measure the performance of his process, in order to get sensitive information about other processes or, if the host is virtualized, about other guest systems.
Severity: 1/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 15/05/2019.
Revision date: 15/05/2019.
Identifiers: 1074268, 1103481, CERTFR-2019-AVI-209, CERTFR-2019-AVI-211, CERTFR-2019-AVI-212, CERTFR-2019-AVI-213, CERTFR-2019-AVI-215, CERTFR-2019-AVI-217, CERTFR-2019-AVI-229, CERTFR-2019-AVI-230, CERTFR-2019-AVI-233, CERTFR-2019-AVI-311, CERTFR-2019-AVI-458, CERTFR-2019-AVI-489, CTX251995, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091, DLA-1787-1, DLA-1789-1, DLA-1789-2, DLA-1799-1, DLA-1799-2, DSA-4444-1, DSA-4447-1, DSA-4447-2, FEDORA-2019-0731828893, FEDORA-2019-1f5832fc0e, FEDORA-2019-640f8d8dd1, FEDORA-2019-6458474bf2, FEDORA-2019-c36afa818c, FEDORA-2019-e6bf55e821, FEDORA-2019-eb08fb0c5f, FG-IR-18-002, FreeBSD-SA-19:07.mds, FreeBSD-SA-19:26.mcu, HPESBHF03933, INTEL-SA-00233, openSUSE-SU-2019:1402-1, openSUSE-SU-2019:1403-1, openSUSE-SU-2019:1404-1, openSUSE-SU-2019:1405-1, openSUSE-SU-2019:1407-1, openSUSE-SU-2019:1408-1, openSUSE-SU-2019:1419-1, openSUSE-SU-2019:1420-1, openSUSE-SU-2019:1468-1, openSUSE-SU-2019:1505-1, openSUSE-SU-2019:1805-1, openSUSE-SU-2019:1806-1, PAN-SA-2019-0012, RHSA-2019:1155-01, RHSA-2019:1167-01, RHSA-2019:1168-01, RHSA-2019:1169-01, RHSA-2019:1170-01, RHSA-2019:1171-01, RHSA-2019:1172-01, RHSA-2019:1174-01, RHSA-2019:1175-01, RHSA-2019:1176-01, RHSA-2019:1177-01, RHSA-2019:1178-01, RHSA-2019:1180-01, RHSA-2019:1181-01, RHSA-2019:1182-01, RHSA-2019:1183-01, RHSA-2019:1184-01, RHSA-2019:1185-01, RHSA-2019:1186-01, RHSA-2019:1187-01, RHSA-2019:1188-01, RHSA-2019:1189-01, RHSA-2019:1190-01, RHSA-2019:1193-01, RHSA-2019:1194-01, RHSA-2019:1195-01, RHSA-2019:1196-01, RHSA-2019:1197-01, RHSA-2019:1198-01, SB10292, SSA-608355, SSA-616472, SUSE-SU-2019:1235-1, SUSE-SU-2019:1236-1, SUSE-SU-2019:1238-1, SUSE-SU-2019:1239-1, SUSE-SU-2019:1240-1, SUSE-SU-2019:1241-1, SUSE-SU-2019:1242-1, SUSE-SU-2019:1243-1, SUSE-SU-2019:1244-1, SUSE-SU-2019:1245-1, SUSE-SU-2019:1248-1, SUSE-SU-2019:1268-1, SUSE-SU-2019:1269-1, SUSE-SU-2019:1272-1, SUSE-SU-2019:1287-1, SUSE-SU-2019:1289-1, SUSE-SU-2019:1296-1, SUSE-SU-2019:1313-1, 
SUSE-SU-2019:1347-1, SUSE-SU-2019:1348-1, SUSE-SU-2019:1349-1, SUSE-SU-2019:1356-1, SUSE-SU-2019:1371-1, SUSE-SU-2019:14048-1, SUSE-SU-2019:14051-1, SUSE-SU-2019:14052-1, SUSE-SU-2019:14063-1, SUSE-SU-2019:14133-1, SUSE-SU-2019:1423-1, SUSE-SU-2019:1438-1, SUSE-SU-2019:1452-1, SUSE-SU-2019:1490-1, SUSE-SU-2019:1547-1, SUSE-SU-2019:1550-1, SUSE-SU-2019:1909-1, SUSE-SU-2019:1910-1, SUSE-SU-2019:1954-1, SUSE-SU-2019:2430-1, Synology-SA-19:24, USN-3977-1, USN-3977-2, USN-3977-3, USN-3978-1, USN-3979-1, USN-3980-1, USN-3981-1, USN-3981-2, USN-3982-1, USN-3982-2, USN-3983-1, USN-3983-2, USN-3984-1, USN-3985-1, USN-3985-2, VIGILANCE-VUL-29300, VMSA-2019-0008, XSA-297, ZombieLoad.

cybersecurity weakness CVE-2019-5598

FreeBSD: address-based IP filtering bypass

Synthesis of the vulnerability

An attacker can tamper with the IP address of an IP packet nested in an ICMP one, in order to bypass the FreeBSD packet filter.
Severity: 1/4.
Creation date: 15/05/2019.
Identifiers: cpujul2019, CVE-2019-5598, FreeBSD-SA-19:06.pf, VIGILANCE-VUL-29303.

computer threat note CVE-2019-11555

wpasupplicant: NULL pointer dereference via eap_server_pwd.c, eap_pwd.c

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via eap_server_pwd.c, eap_pwd.c of wpasupplicant, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 07/05/2019.
Identifiers: CVE-2019-11555, DLA-1867-1, DSA-4450-1, FEDORA-2019-28d3ca93d2, FEDORA-2019-d6bc3771a4, FEDORA-2019-ff1b728d09, FreeBSD-SA-19:03.wpa, USN-3969-1, USN-3969-2, VIGILANCE-VUL-29244.

threat announce CVE-2019-8936

NTP.org: NULL pointer dereference via Authenticated Mode 6

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via Authenticated Mode 6 of NTP.org, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 08/03/2019.
Identifiers: 3565, bulletinapr2019, CVE-2019-8936, DSA-2019-093, FEDORA-2019-694e3aa4e8, FEDORA-2019-f781d5c4c6, FreeBSD-SA-19:04.ntp, NTAP-20190503-0001, openSUSE-SU-2019:1143-1, openSUSE-SU-2019:1158-1, SSA:2019-067-01, SUSE-SU-2019:0775-1, SUSE-SU-2019:0777-1, SUSE-SU-2019:0789-1, SUSE-SU-2019:13991-1, SUSE-SU-2019:14004-1, VIGILANCE-VUL-28701.

weakness announce CVE-2018-20798 CVE-2018-20799

pfSense: privilege escalation via SSHGUARD IP Blocking

Synthesis of the vulnerability

An attacker can bypass restrictions via SSHGUARD IP Blocking of pfSense, in order to escalate his privileges.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 04/03/2019.
Identifiers: CVE-2018-20798, CVE-2018-20799, VIGILANCE-VUL-28644.

vulnerability announce CVE-2019-8953

pfSense HAProxy: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of pfSense HAProxy, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 21/02/2019.
Identifiers: CVE-2019-8953, VIGILANCE-VUL-28578.

Description of the vulnerability

The pfSense HAProxy product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of pfSense HAProxy, in order to run JavaScript code in the context of the web site.

computer weakness alert 28386

pfSense: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of pfSense, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 29/01/2019.
Identifiers: VIGILANCE-VUL-28386.

Description of the vulnerability

The pfSense product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of pfSense, in order to run JavaScript code in the context of the web site.

computer threat alert CVE-2018-4019 CVE-2018-4020 CVE-2018-4021

pfSense: privilege escalation via system_advanced_misc.php

Synthesis of the vulnerability

An attacker can bypass restrictions via system_advanced_misc.php of pfSense, in order to escalate his privileges.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 03/12/2018.
Identifiers: CVE-2018-4019, CVE-2018-4020, CVE-2018-4021, pfSense-SA-18_09.webgui, TALOS-2018-0690, VIGILANCE-VUL-27937.