Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-16	CVE-2020-7114	Missing Authentication for Critical Function vulnerability in Arubanetworks Clearpass A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' management interface, to make changes to certain databases in ClearPass by crafting HTTP packets. network low complexity arubanetworks CWE-306 critical	9.8
2020-01-31	CVE-2016-2031	Improper Input Validation vulnerability in multiple products Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code. network low complexity arubanetworks siemens CWE-20 critical	9.8
2019-11-06	CVE-2016-4401	Insufficiently Protected Credentials vulnerability in Arubanetworks Clearpass Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials. network low complexity arubanetworks CWE-522 critical	9.8
2019-09-13	CVE-2018-7081	Improper Input Validation vulnerability in Arubanetworks Arubaos A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. network low complexity arubanetworks CWE-20 critical	9.8
2019-05-10	CVE-2018-7084	OS Command Injection vulnerability in multiple products A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. network low complexity arubanetworks siemens CWE-78 critical	9.8
2018-12-07	CVE-2018-7066	Unspecified vulnerability in Arubanetworks Clearpass Policy Manager An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. network high complexity arubanetworks critical	9.0
2018-03-09	CVE-2014-2592	Unrestricted Upload of File with Dangerous Type vulnerability in Arubanetworks web Management Portal 6.3.0.60730 Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to execute arbitrary code by uploading a file with an executable extension. network low complexity arubanetworks CWE-434 critical	9.8
2017-10-16	CVE-2015-4650	Permissions, Privileges, and Access Controls vulnerability in Arubanetworks Clearpass Policy Manager Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors. network low complexity arubanetworks CWE-264 critical	9.8
2017-10-04	CVE-2017-14491	Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. network low complexity thekelleys redhat canonical debian opensuse suse nvidia huawei arista siemens arubanetworks synology CWE-787 critical	9.8
2017-06-08	CVE-2016-2034	SQL Injection vulnerability in Arubanetworks Clearpass SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0. network low complexity arubanetworks CWE-89 critical	9.8