) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:ipfire:ipfire:2.1:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-36368 |
Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allows a remote authenticated attacker with administrative privilege to inject an arbitrary script. Published: October 24, 2022; 10:15:50 AM -0400 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
| CVE-2021-33393 |
lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the ownership/permissions of other files may be present as well. Published: June 09, 2021; 6:15:08 PM -0400 |
V3.1: 8.8 HIGH V2.0: 9.0 HIGH |
| CVE-2018-16232 |
An authenticated command injection vulnerability exists in IPFire Firewall before 2.21 Core Update 124 in backup.cgi. This allows an authenticated user with privileges for the affected page to execute arbitrary commands. Published: October 17, 2018; 10:29:01 AM -0400 |
V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2017-9757 |
IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF. Published: June 19, 2017; 9:29:00 AM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |