Skip to main content

Arubaos

187 CVEs product

Monthly

CVE-2019-5315 HIGH This Week

A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2019-5314 MEDIUM This Month

Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arubaos
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2018-7080 HIGH This Week

A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Aruba Information Disclosure Arubaos 203Rp Firmware 203R Firmware +2
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-14491 CRITICAL POC PATCH THREAT Act Now

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 57.8%.

Buffer Overflow Memory Corruption Denial Of Service RCE Dnsmasq +20
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
57.8%
Threat
5.2
CVE-2015-1388 HIGH This Week

The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Aruba Arubaos
NVD
CVSS 2.0
7.2
EPSS
0.6%
CVE-2014-7299 HIGH This Week

Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aruba Arubaos
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2013-2290 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the dashboard of the ArubaOS Administration WebUI in Aruba Networks ArubaOS 6.2.x before 6.2.0.3, 6.1.3.x before 6.1.3.7, 6.1.x-FIPS before 6.1.4.3-FIPS,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Aruba XSS Arubaos
NVD
CVSS 2.0
4.3
EPSS
0.4%
EPSS 2% CVSS 7.2
HIGH This Week

A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arubaos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Aruba Information Disclosure Arubaos +4
NVD
EPSS 58% 5.2 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 57.8%.

Buffer Overflow Memory Corruption Denial Of Service +22
NVD Exploit-DB
EPSS 1% CVSS 7.2
HIGH This Week

The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Aruba Arubaos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aruba Arubaos
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the dashboard of the ArubaOS Administration WebUI in Aruba Networks ArubaOS 6.2.x before 6.2.0.3, 6.1.3.x before 6.1.3.7, 6.1.x-FIPS before 6.1.4.3-FIPS,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Aruba XSS Arubaos
NVD
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy