Filtered by vendor Arubanetworks
Subscribe
Total
393 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-5342 | 1 Arubanetworks | 1 Clearpass | 2024-02-04 | 10.0 HIGH | N/A |
Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-6627. | |||||
CVE-2014-6627 | 1 Arubanetworks | 1 Clearpass | 2024-02-04 | 9.0 HIGH | N/A |
Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342. | |||||
CVE-2014-2593 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-02-04 | 9.0 HIGH | N/A |
The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the (1) system status-rasession and (2) network ping commands. | |||||
CVE-2014-6624 | 1 Arubanetworks | 1 Clearpass | 2024-02-04 | 6.8 MEDIUM | N/A |
The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
CVE-2014-4031 | 1 Arubanetworks | 1 Clearpass | 2024-02-04 | 4.0 MEDIUM | N/A |
The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credentials via unspecified vectors. | |||||
CVE-2014-8368 | 1 Arubanetworks | 1 Airwave | 2024-02-04 | 9.0 HIGH | N/A |
The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors. | |||||
CVE-2013-2269 | 1 Arubanetworks | 2 Clearpass, Clearpass Guest | 2024-02-04 | 5.0 MEDIUM | N/A |
The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 through 3.9.7, allows remote attackers to bypass intended access restrictions and approve a request by sending a guest request, then using "parameter manipulation" in conjunction with information from a "default holding page" to discover the link that is used for sponsor approval of the guest request, then performing a direct request to that link. | |||||
CVE-2013-2290 | 1 Arubanetworks | 1 Arubaos | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the dashboard of the ArubaOS Administration WebUI in Aruba Networks ArubaOS 6.2.x before 6.2.0.3, 6.1.3.x before 6.1.3.7, 6.1.x-FIPS before 6.1.4.3-FIPS, and 6.1.x-AirGroup before 6.1.3.6-AirGroup, as used by Mobility Controller, allows remote wireless access points to inject arbitrary web script or HTML via a crafted SSID. | |||||
CVE-2009-3836 | 1 Arubanetworks | 2 Aruba Mobility Controller, Arubaos | 2024-02-04 | 6.1 MEDIUM | N/A |
ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame. | |||||
CVE-2008-5563 | 2 Aruba Networks, Arubanetworks | 3 Aruba Mobility Controller, Aruba Mobility Controllers, Aruba Mobility Controller | 2024-02-04 | 7.8 HIGH | N/A |
Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x, and 3.3.2.x allows remote attackers to cause a denial of service (device crash) via a malformed Extensible Authentication Protocol (EAP) frame. | |||||
CVE-2008-7023 | 1 Arubanetworks | 2 Aruba Mobility Controller, Arubaos | 2024-02-04 | 10.0 HIGH | N/A |
Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation. | |||||
CVE-2008-7095 | 1 Arubanetworks | 2 Aruba Mobility Controller, Arubaos | 2024-02-04 | 7.8 HIGH | N/A |
The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB. | |||||
CVE-2008-2273 | 1 Arubanetworks | 2 Aruba Mobility Controller, Arubaos | 2024-02-04 | 9.0 HIGH | N/A |
Unspecified vulnerability in the TACACS authentication component in Aruba Mobility Controller 3.1.x, 3.2.x, and 3.3.x allows remote authenticated users to gain privileges via unknown vectors. |