Arubanetworks

All CVEs

577 total · sorted by risk
  • CVE-2022-37905 · Nov 3, 2022
    risk 0.00 · cvss · epss 0.01

    Vulnerabilities exist in ArubaOS running on 7xxx series controllers that allow an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.

  • CVE-2022-37904 · Nov 3, 2022
    risk 0.00 · cvss · epss 0.01

    Vulnerabilities exist in ArubaOS running on 7xxx series controllers that allow an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.

  • CVE-2022-37912 · Nov 3, 2022
    risk 0.00 · cvss · epss 0.02

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

  • CVE-2022-37902 · Nov 3, 2022
    risk 0.00 · cvss · epss 0.02

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

  • CVE-2022-37901 · Nov 3, 2022
    risk 0.00 · cvss · epss 0.02

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

  • CVE-2022-37900 · Nov 3, 2022
    risk 0.00 · cvss · epss 0.02

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

  • CVE-2022-37899 · Nov 3, 2022
    risk 0.00 · cvss · epss 0.02

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

  • CVE-2022-37898 · Nov 3, 2022
    risk 0.00 · cvss · epss 0.01

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

  • CVE-2022-37897 · Nov 3, 2022
    risk 0.00 · cvss · epss 0.02

    There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the…

  • CVE-2022-37928 · Nov 3, 2022
    risk 0.00 · cvss · epss 0.00

    Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.

  • CVE-2022-37930 · Nov 3, 2022
    risk 0.00 · cvss · epss 0.00

    A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information.

  • CVE-2022-37929 · Nov 3, 2022
    risk 0.00 · cvss · epss 0.00

    Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays.

  • CVE-2022-37927 · Nov 3, 2022
    risk 0.00 · cvss · epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD).

  • CVE-2022-37915 · Oct 28, 2022
    risk 0.00 · cvss · epss 0.02

    A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability could allow an attacker to execute…

  • CVE-2022-37914 · Oct 28, 2022
    risk 0.00 · cvss · epss 0.01

    Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges…

  • CVE-2022-37913 · Oct 28, 2022
    risk 0.00 · cvss · epss 0.01

    Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges…

  • CVE-2022-37893 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.01

    An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of…

  • CVE-2022-37894 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS…

  • CVE-2022-37891 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.01

    Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and…

  • CVE-2022-37890 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.01

    Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and…

  • CVE-2022-37887 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.02

    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these…

  • CVE-2022-37896 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in…

  • CVE-2022-37885 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.01

    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these…

  • CVE-2022-37889 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.02

    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these…

  • CVE-2022-37895 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.01

    An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS…

  • CVE-2022-37892 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary…

  • CVE-2022-37886 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.01

    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these…

  • CVE-2022-37888 · Oct 6, 2022
    risk 0.00 · cvss · epss 0.01

    There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these…

  • CVE-2022-23685 · Sep 20, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. This could allow a remote unauthenticated attacker to execute arbitrary input against these endpoints if…

  • CVE-2022-23692 · Sep 20, 2022
    risk 0.00 · cvss · epss 0.01

    Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify…

  • CVE-2022-23693 · Sep 20, 2022
    risk 0.00 · cvss · epss 0.01

    Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify…

  • CVE-2022-23695 · Sep 20, 2022
    risk 0.00 · cvss · epss 0.01

    Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify…

  • CVE-2022-23694 · Sep 20, 2022
    risk 0.00 · cvss · epss 0.01

    Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify…

  • CVE-2022-23696 · Sep 20, 2022
    risk 0.00 · cvss · epss 0.01

    Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify…

  • CVE-2022-37877 · Sep 20, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass…

  • CVE-2022-37880 · Sep 20, 2022
    risk 0.00 · cvss · epss 0.01

    Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…

  • CVE-2022-37878 · Sep 20, 2022
    risk 0.00 · cvss · epss 0.01

    Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…

  • CVE-2022-37879 · Sep 20, 2022
    risk 0.00 · cvss · epss 0.01

    Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…

  • CVE-2022-37884 · Sep 20, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability exists in the ClearPass Policy Manager Guest User Interface that can allow an unauthenticated attacker to send specific operations which result in a Denial-of-Service condition. A successful exploitation of this vulnerability results in the unavailability of the…

  • CVE-2022-37881 · Sep 20, 2022
    risk 0.00 · cvss · epss 0.01

    Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…

  • CVE-2022-37882 · Sep 20, 2022
    risk 0.00 · cvss · epss 0.01

    Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…

  • CVE-2022-37883 · Sep 20, 2022
    risk 0.00 · cvss · epss 0.01

    Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system…

  • CVE-2022-23690 · Sep 6, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version of AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch…

  • CVE-2022-23688 · Sep 6, 2022
    risk 0.00 · cvss · epss 0.00

    Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX…

  • CVE-2022-23691 · Sep 6, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX…

  • CVE-2022-23689 · Sep 6, 2022
    risk 0.00 · cvss · epss 0.00

    Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX…

  • CVE-2022-23686 · Sep 6, 2022
    risk 0.00 · cvss · epss 0.00

    Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX…

  • CVE-2022-23687 · Sep 6, 2022
    risk 0.00 · cvss · epss 0.00

    Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX…

  • CVE-2022-23684 · Sep 6, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Successful exploitation of this vulnerability allows an attacker to escalate…

  • CVE-2022-23682 · Sep 6, 2022
    risk 0.00 · cvss · epss 0.01

    Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in…

Page 7 of 12