Vulnerabilities > Arubanetworks > Arubaos > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-11 | CVE-2020-24634 | Command Injection vulnerability in Arubanetworks Arubaos An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below. | 9.8 |
| 2020-01-31 | CVE-2016-2031 | Improper Input Validation vulnerability in multiple products Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code. | 9.8 |
| 2019-09-13 | CVE-2018-7081 | Improper Input Validation vulnerability in Arubanetworks Arubaos A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. | 9.8 |
| 2017-10-04 | CVE-2017-14491 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. | 9.8 |