Vendor CVEs
Arubanetworks
All CVEs
577 total · sorted by risk

| CVE | Sev | Risk | CVSS | EPSS | Published | Description | Vendor / Product | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44855 | Hig | 0.47 | 7.2 | 0.00 | May 12, 2026 | Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these… | ||
| CVE-2026-44854 | Hig | 0.47 | 7.2 | 0.01 | May 12, 2026 | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote… | ||
| CVE-2026-44853 | Hig | 0.47 | 7.2 | 0.01 | May 12, 2026 | Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote… | ||
| CVE-2026-44852 | Hig | 0.47 | 7.2 | 0.00 | May 12, 2026 | An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating… | ||
| CVE-2024-54008 | Hig | 0.47 | 7.2 | 0.01 | Dec 10, 2024 | An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host. | ||
| CVE-2024-47462 | Hig | 0.47 | 7.2 | 0.01 | Nov 5, 2024 | An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on… | ||
| CVE-2024-42503 | Hig | 0.47 | 7.2 | 0.01 | Sep 17, 2024 | Authenticated command execution vulnerability exists in the ArubaOS command line interface (CLI). Successful exploitation of this vulnerability results in the ability to run arbitrary commands as a privileged user on the underlying operating system. | ||
| CVE-2024-42502 | Hig | 0.47 | 7.2 | 0.02 | Sep 17, 2024 | Authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to inject shell commands on the underlying operating system. | ||
| CVE-2024-42501 | Hig | 0.47 | 7.2 | 0.01 | Sep 17, 2024 | An authenticated Path Traversal vulnerability exists in ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants. | ||
| CVE-2015-4649 | Hig | 0.47 | 7.2 | 0.02 | Aug 29, 2017 | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654. | ||
| CVE-2015-3657 | Hig | 0.47 | 7.2 | 0.01 | Aug 29, 2017 | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors. | ||
| CVE-2015-3656 | Hig | 0.47 | 7.2 | 0.01 | Aug 29, 2017 | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks. | ||
| CVE-2015-3654 | Hig | 0.47 | 7.2 | 0.02 | Aug 29, 2017 | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649. | ||
| CVE-2015-3653 | Hig | 0.47 | 7.2 | 0.02 | Aug 29, 2017 | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect… | ||
| CVE-2014-2071 | Hig | 0.46 | 7.1 | 0.01 | Jan 8, 2018 | Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner… | ||
| CVE-2024-47464 | Med | 0.44 | 6.8 | 0.01 | Nov 5, 2024 | An authenticated Path Traversal vulnerability exists in Instant AOS-8 and AOS-10. Successful exploitation of this vulnerability allows an attacker to copy arbitrary files to a user readable location from the command line interface of the underlying operating system, which could… | ||
| CVE-2016-8527 | Med | 0.44 | 6.1 | 0.13 | Aug 6, 2018 | Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative… | ||
| CVE-2017-13084 | Med | 0.44 | 6.8 | 0.02 | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. | ||
| CVE-2026-23545 | Med | 0.42 | 6.5 | 0.00 | Feb 19, 2026 | Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Aruba HiSpeed Cache: from n/a through <= 3.0.4. | ||
| CVE-2025-11725 | Med | 0.42 | 6.5 | 0.00 | Feb 19, 2026 | The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to modify plugin's… | ||
| CVE-2025-67913 | Med | 0.42 | 6.5 | 0.00 | Jan 8, 2026 | Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Aruba HiSpeed Cache: from n/a through < 3.0.3. | ||
| CVE-2025-37148 | Med | 0.42 | 6.5 | 0.00 | Oct 14, 2025 | A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS 10 could allow an unauthenticated remote attacker to conduct a denial of service attack. Successful exploitation could allow an attacker to potentially disrupt network services and require manual… | ||
| CVE-2025-27078 | Med | 0.42 | 6.5 | 0.00 | Apr 8, 2025 | A vulnerability in a system binary of AOS-8 Instant and AOS-10 AP could allow an authenticated remote attacker to inject commands into the underlying operating system while using the CLI. Successful exploitation could lead to complete system compromise. | ||
| CVE-2025-11706 | Med | 0.40 | 6.1 | 0.00 | Feb 19, 2026 | The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the dbstatus parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to… | ||
| CVE-2017-9002 | Med | 0.40 | 6.1 | 0.01 | Aug 6, 2018 | All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative user into clicking a link could obtain sensitive information, such as session… | ||
| CVE-2025-27080 | Med | 0.39 | 6.0 | 0.00 | Mar 18, 2025 | Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Successful exploitation could allow an attacker to gain unauthorized access to services outside of the impacted switch, potentially leading to… | ||
| CVE-2024-24454 | Med | 0.38 | 5.9 | 0.00 | Nov 15, 2024 | An invalid memory access when handling the ProtocolIE_ID field of E-RAB Modify Request messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload. | ||
| CVE-2018-7073 | Med | 0.36 | 5.5 | 0.01 | Aug 6, 2018 | A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. | ||
| CVE-2017-5786 | Med | 0.36 | 5.5 | 0.01 | Feb 15, 2018 | A local Unauthorized Data Modification vulnerability in HPE OfficeConnect Network Switches version PT.02.01 including PT.01.03 through PT.01.14 | ||
| CVE-2017-12553 | Med | 0.36 | 5.6 | 0.00 | Feb 15, 2018 | A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | ||
| CVE-2017-12552 | Med | 0.36 | 5.6 | 0.00 | Feb 15, 2018 | A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | ||
| CVE-2017-12550 | Med | 0.36 | 5.6 | 0.00 | Feb 15, 2018 | A local security misconfiguration vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | ||
| CVE-2017-12549 | Med | 0.36 | 5.6 | 0.00 | Feb 15, 2018 | A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | ||
| CVE-2017-12548 | Med | 0.36 | 5.6 | 0.00 | Feb 15, 2018 | A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | ||
| CVE-2017-12547 | Med | 0.36 | 5.6 | 0.00 | Feb 15, 2018 | A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | ||
| CVE-2017-12546 | Med | 0.36 | 5.6 | 0.00 | Feb 15, 2018 | A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | ||
| CVE-2026-44873 | Med | 0.35 | 5.4 | 0.00 | May 12, 2026 | A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated when credentials are revoked, enabling continued access until session expiration.… | ||
| CVE-2017-5827 | Med | 0.35 | 5.4 | 0.01 | Feb 15, 2018 | A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. | ||
| CVE-2017-12544 | Med | 0.35 | 5.4 | 0.05 | Feb 15, 2018 | A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | ||
| CVE-2023-44983 | Med | 0.34 | 5.3 | 0.01 | Dec 19, 2023 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aruba.It Aruba HiSpeed Cache. This issue affects Aruba HiSpeed Cache: from n/a through 2.0.6. | ||
| CVE-2026-23694 | Med | 0.33 | — | 0.00 | Feb 23, 2026 | Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin versions prior to 3.0.5 contain a cross-site request forgery (CSRF) vulnerability affecting multiple administrative AJAX actions. The handlers for ahsc_reset_options, ahsc_debug_status, and ahsc_enable_purge perform… | ||
| CVE-2026-44874 | Med | 0.32 | 4.9 | 0.00 | May 12, 2026 | A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of… | ||
| CVE-2024-26303 | Med | 0.32 | 4.9 | 0.01 | Mar 26, 2024 | Authenticated Denial of Service Vulnerability in ArubaOS-Switch SSH Daemon | ||
| CVE-2026-1924 | Med | 0.28 | 4.3 | 0.00 | Apr 10, 2026 | The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing nonce verification on the `ahsc_ajax_reset_options()` function. This makes it possible for unauthenticated attackers to… | ||
| CVE-2025-25042 | Med | 0.28 | 4.3 | 0.00 | Mar 18, 2025 | A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further… | ||
| CVE-2024-43119 | Med | 0.28 | 4.3 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in Aruba.It Aruba HiSpeed Cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Aruba HiSpeed Cache: from n/a through 2.0.12. | ||
| CVE-2024-22438 | Low | 0.23 | 3.5 | 0.00 | Apr 15, 2024 | A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820 Network switches. The vulnerability could be remotely exploited to allow execution of malicious code. | ||
| CVE-2025-25040 | Low | 0.21 | 3.3 | 0.00 | Mar 18, 2025 | A vulnerability has been identified in the port ACL functionality of AOS-CX software running on the HPE Aruba Networking CX 9300 Switch Series only and affects: - AOS-CX 10.14.xxxx : All patches - AOS-CX 10.15.xxxx : 10.15.1000 and below The vulnerability is… | ||
| CVE-2020-7209 | | 0.10 | — | 0.99 | Feb 12, 2020 | LinuxKI v6.0-1 and earlier is vulnerable to remote code execution, which is resolved in release 6.0-2. | ||
| CVE-2020-7115 | | 0.08 | — | 0.65 | Jun 3, 2020 | The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow remote command execution in the underlying operating system. Resolution: Fixed in… | ||
Page 2 of 12