VYPR
Vendor

Arubanetworks

Products
74
CVEs
577
Across products
611
Status
Private

Products

74
View all 74 products →

Recent CVEs

577
View all 577 CVEs →
  • CVE-2017-5638CriKEVMar 11, 2017
    risk 0.86cvss 9.8epss 1.00

    The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type,…

  • CVE-2017-14491CriOct 4, 2017
    risk 0.73cvss 9.8epss 0.85

    Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

  • CVE-2017-8976CriFeb 15, 2018
    risk 0.65cvss 9.8epss 0.19

    A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.

  • CVE-2017-8975CriFeb 15, 2018
    risk 0.65cvss 9.8epss 0.19

    A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.

  • CVE-2017-5824CriFeb 15, 2018
    risk 0.65cvss 9.8epss 0.20

    An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

  • CVE-2024-42505CriSep 25, 2024
    risk 0.64cvss 9.8epss 0.01

    Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these…

  • CVE-2018-7072CriAug 6, 2018
    risk 0.64cvss 9.8epss 0.03

    A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.

  • CVE-2018-7058CriAug 6, 2018
    risk 0.64cvss 9.8epss 0.04

    Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including…

  • CVE-2017-9000CriAug 6, 2018
    risk 0.64cvss 9.8epss 0.06

    ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally is vulnerable to unauthenticated arbitrary file…

  • CVE-2014-2592CriMar 9, 2018
    risk 0.64cvss 9.8epss 0.02

    Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

  • CVE-2017-5802CriFeb 15, 2018
    risk 0.64cvss 9.8epss 0.02

    A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found.

  • CVE-2015-4650CriOct 16, 2017
    risk 0.64cvss 9.8epss 0.06

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors.

  • CVE-2016-2034CriJun 8, 2017
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0.

  • CVE-2016-2002CriApr 20, 2016
    risk 0.64cvss 9.8epss 0.03

    The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417.

  • CVE-2016-1986CriFeb 12, 2016
    risk 0.64cvss 9.8epss 0.04

    HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

  • CVE-2016-8526HigAug 6, 2018
    risk 0.61cvss 8.8epss 0.10

    Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can…

  • CVE-2017-8977CriFeb 15, 2018
    risk 0.59cvss 9.1epss 0.04

    A Remote Denial of Service vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.

  • CVE-2018-7060HigAug 6, 2018
    risk 0.57cvss 8.8epss 0.00

    Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could manipulate an authenticated user into performing actions on the web administrative interface.

  • CVE-2018-7059HigAug 6, 2018
    risk 0.57cvss 8.8epss 0.01

    Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the "mon" permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only…

  • CVE-2017-5826HigFeb 15, 2018
    risk 0.57cvss 8.8epss 0.03

    An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.