VYPR

pfBlockerNG

by Pfsense

CVEs (2)

  • CVE-2022-31814Sep 5, 2022
    risk 0.10cvss epss 0.86

    pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.

  • CVE-2022-40624Dec 20, 2022
    risk 0.07cvss epss 0.17

    pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814.