Vulnerabilities > Arubanetworks > Arubaos
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-07 | CVE-2022-37890 | Classic Buffer Overflow vulnerability in multiple products Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. | 9.8 |
2022-10-07 | CVE-2022-37891 | Classic Buffer Overflow vulnerability in multiple products Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. | 9.8 |
2022-10-07 | CVE-2022-37892 | Cross-site Scripting vulnerability in multiple products A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. | 5.4 |
2022-10-06 | CVE-2022-37888 | Classic Buffer Overflow vulnerability in multiple products There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). | 9.8 |
2021-09-07 | CVE-2019-5318 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. | 7.1 |
2021-09-07 | CVE-2021-37716 | Classic Buffer Overflow vulnerability in multiple products A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. | 10.0 |
2021-09-07 | CVE-2021-37717 | Command Injection vulnerability in multiple products A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. | 9.0 |
2021-09-07 | CVE-2021-37718 | Command Injection vulnerability in multiple products A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. | 9.0 |
2021-09-07 | CVE-2021-37719 | Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. | 9.0 |
2021-09-07 | CVE-2021-37720 | Command Injection vulnerability in multiple products A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. | 9.0 |