Filtered by vendor Arubanetworks
Subscribe
Total
506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-37135 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 6.5 MEDIUM |
| Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system. | |||||
| CVE-2025-37136 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 6.5 MEDIUM |
| Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system. | |||||
| CVE-2025-37137 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 6.5 MEDIUM |
| Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system. | |||||
| CVE-2025-37138 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 6.2 MEDIUM |
| An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility Conductor operating system. Exploitation of this vulnerability requires physical access to the hardware controllers. A successful attack could allow an authenticated malicious actor with physical access to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2025-37140 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
| Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits. | |||||
| CVE-2025-37141 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
| Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits. | |||||
| CVE-2025-37142 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
| Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits. | |||||
| CVE-2025-27085 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
| Multiple vulnerabilities exist in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. | |||||
| CVE-2025-27084 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 5.4 MEDIUM |
| A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. Successful exploitation could enable the attacker to execute arbitrary script code in the victim's browser within the context of the affected interface. | |||||
| CVE-2025-27082 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 7.2 HIGH |
| Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlying host operating system. | |||||
| CVE-2025-27083 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 7.2 HIGH |
| Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an Authenticated attacker to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2025-37143 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
| An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated malicious actor to download arbitrary files through carefully constructed exploits. | |||||
| CVE-2025-37144 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
| Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits. | |||||
| CVE-2025-37145 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
| Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits. | |||||
| CVE-2025-37132 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 7.2 HIGH |
| An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the underlying operating system. | |||||
| CVE-2025-37133 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 7.2 HIGH |
| An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2025-37134 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 7.2 HIGH |
| An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2017-5638 | 7 Apache, Arubanetworks, Hp and 4 more | 13 Struts, Clearpass Policy Manager, Server Automation and 10 more | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL |
| The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | |||||
| CVE-2024-25616 | 1 Arubanetworks | 1 Arubaos | 2025-07-28 | N/A | 3.7 LOW |
| Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers. | |||||
| CVE-2024-25615 | 1 Arubanetworks | 1 Arubaos | 2025-07-28 | N/A | 5.3 MEDIUM |
| An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service. | |||||