Arubanetworks

All CVEs

577 total · sorted by risk
  • CVE-2020-24633 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.05

    There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway;…

  • CVE-2020-24634 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.02

    An attacker is able to remotely inject arbitrary commands by sending specially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200…

  • CVE-2020-7128 · Nov 4, 2020
    risk 0.00 · cvss · epss 0.02

    A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

  • CVE-2020-7129 · Nov 4, 2020
    risk 0.00 · cvss · epss 0.03

    A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

  • CVE-2020-7126 · Oct 26, 2020
    risk 0.00 · cvss · epss 0.01

    A remote server-side request forgery (SSRF) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

  • CVE-2020-7125 · Oct 26, 2020
    risk 0.00 · cvss · epss 0.01

    A remote escalation of privilege vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

  • CVE-2020-7124 · Oct 26, 2020
    risk 0.00 · cvss · epss 0.01

    A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

  • CVE-2020-24632 · Oct 26, 2020
    risk 0.00 · cvss · epss 0.03

    A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

  • CVE-2020-24631 · Oct 26, 2020
    risk 0.00 · cvss · epss 0.03

    A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

  • CVE-2020-7119 · Sep 4, 2020
    risk 0.00 · cvss · epss 0.01

    A vulnerability exists in the Aruba Analytics and Location Engine (ALE) web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as an underlying privileged operating system user.

  • CVE-2019-5321 · Aug 26, 2020
    risk 0.00 · cvss · epss 0.02

    Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Remote Unauthorized Access in the WebUI.

  • CVE-2019-5320 · Aug 26, 2020
    risk 0.00 · cvss · epss 0.01

    Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Cross Site Scripting in the web UI, leading to injection of code.

  • CVE-2020-7205 · Jul 30, 2020
    risk 0.00 · cvss · epss 0.00

    A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. The vulnerability could be locally exploited to allow arbitrary code execution during the boot process. **Note:** This vulnerability is…

  • CVE-2020-7206 · Jul 17, 2020
    risk 0.00 · cvss · epss 0.02

    HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a PHP code injection vulnerability.

  • CVE-2020-7116 · Jun 3, 2020
    risk 0.00 · cvss · epss 0.03

    The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying…

  • CVE-2020-7117 · Jun 3, 2020
    risk 0.00 · cvss · epss 0.03

    The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying…

  • CVE-2020-11844 · May 29, 2020
    risk 0.00 · cvss · epss 0.02

    Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0. - ArcSight Transformation Hub. versions 3.0.0, 3.1.0,…

  • CVE-2020-7110 · Apr 16, 2020
    risk 0.00 · cvss · epss 0.01

    ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack. Resolution: Fixed in 6.7.13, 6.8.4,…

  • CVE-2020-7113 · Apr 16, 2020
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass' service accounts. Resolution: Fixed in 6.7.10, 6.8.1, 6.9.0…

  • CVE-2020-7111 · Apr 16, 2020
    risk 0.00 · cvss · epss 0.02

    A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher.

  • CVE-2020-7130 · Mar 4, 2020
    risk 0.00 · cvss · epss 0.02

    HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. HPE OneView Global Dashboard - After Upgrade or Install of OVGD Version 1.9, Appliance Firewall May Leave Ports Open. This is resolved in OVGD 1.91 or later.

  • CVE-2019-5326 · Feb 27, 2020
    risk 0.00 · cvss · epss 0.02

    An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application…

  • CVE-2019-5323 · Feb 27, 2020
    risk 0.00 · cvss · epss 0.03

    There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host.

  • CVE-2019-5322 · Feb 12, 2020
    risk 0.00 · cvss · epss 0.01

    A remotely exploitable information disclosure vulnerability is present in Aruba Intelligent Edge Switch models 5400, 3810, 2920, 2930, 2530 with GigT port, 2530 10/100 port, or 2540. The vulnerability impacts firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007 and…

  • CVE-2020-7208 · Feb 12, 2020
    risk 0.00 · cvss · epss 0.01

    LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2.

  • CVE-2016-2032 · Jan 31, 2020
    risk 0.00 · cvss · epss 0.03

    A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP ports 15672 and 55672

  • CVE-2016-2031 · Jan 31, 2020
    risk 0.00 · cvss · epss 0.05

    Multiple vulnerabilities exist in Aruba Instant before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform…

  • CVE-2016-4401 · Nov 6, 2019
    risk 0.00 · cvss · epss 0.01

    Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials.

  • CVE-2018-16417 · Oct 30, 2019
    risk 0.00 · cvss · epss 0.03

    Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows command injection.

  • CVE-2019-5315 · Sep 13, 2019
    risk 0.00 · cvss · epss 0.02

    A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system…

  • CVE-2019-5314 · Sep 13, 2019
    risk 0.00 · cvss · epss 0.01

    Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability.

  • CVE-2018-7081 · Sep 13, 2019
    risk 0.00 · cvss · epss 0.06

    A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or to execute…

  • CVE-2018-7064 · May 10, 2019
    risk 0.00 · cvss · epss 0.01

    A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take administrative actions on the Instant cluster, or…

  • CVE-2018-7082 · May 10, 2019
    risk 0.00 · cvss · epss 0.04

    A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration…

  • CVE-2018-7083 · May 10, 2019
    risk 0.00 · cvss · epss 0.02

    If a process running within Aruba Instant crashes, it may leave behind a "core dump", which contains the memory contents of the process at the time it crashed. It was discovered that core dumps are stored in a way that unauthenticated users can access them through the Aruba…

  • CVE-2018-7063 · Dec 7, 2018
    risk 0.00 · cvss · epss 0.01

    In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumstances, API admins in ClearPass which have been disabled may still be able to perform read/write operations on parts of the XML API. This can lead to unauthorized access to the API…

  • CVE-2018-7067 · Dec 7, 2018
    risk 0.00 · cvss · epss 0.01

    A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the…

  • CVE-2018-7079 · Dec 7, 2018
    risk 0.00 · cvss · epss 0.01

    Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could…

  • CVE-2018-7065 · Dec 7, 2018
    risk 0.00 · cvss · epss 0.01

    An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could…

  • CVE-2018-7066 · Dec 7, 2018
    risk 0.00 · cvss · epss 0.03

    An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced information about connected…

  • CVE-2015-5430 · Aug 27, 2015
    risk 0.00 · cvss · epss 0.03

    HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2015-5409 · Aug 26, 2015
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.

  • CVE-2015-4132 · May 28, 2015
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-1551 · May 28, 2015
    risk 0.00 · cvss · epss 0.01

    Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors.

  • CVE-2015-1550 · May 28, 2015
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors.

  • CVE-2015-1392 · May 28, 2015
    risk 0.00 · cvss · epss 0.01

    Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2014-6628 · May 28, 2015
    risk 0.00 · cvss · epss 0.02

    Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows remote administrators to execute arbitrary code via unspecified vectors.

  • CVE-2015-1388 · Mar 24, 2015
    risk 0.00 · cvss · epss 0.01

    The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors.

  • CVE-2015-1348 · Feb 3, 2015
    risk 0.00 · cvss · epss 0.01

    Heap-based buffer overflow in Aruba Instant (IAP) with firmware before 4.0.0.7 and 4.1.x before 4.1.1.2 allows remote attackers to cause a denial of service (crash or reset to factory default) via a malformed frame to the wireless interface.

  • CVE-2014-8368 · Nov 25, 2014
    risk 0.00 · cvss · epss 0.03

    The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors.
