CVSS: 10.0EPSS: 1%CPEs: 7EXPL: 0CVE-2021-37716
https://notcve.org/view.php?id=CVE-2021-37716
07 Sep 2021 — A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. Se ha detectado una vulnerabilidad de desbordamiento de búfer remoto en Aruba SD-WAN Software and Gateways; Aruba Operating System Software versiones: anteriores a 8.6.0.4-2.2.0.4; a... • https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.3EPSS: 0%CPEs: 38EXPL: 0CVE-2020-26146 – kernel: reassembling encrypted fragments with non-consecutive packet numbers
https://notcve.org/view.php?id=CVE-2020-26146
11 May 2021 — An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design. • http://www.openwall.com/lists/oss-security/2021/05/11/12 • CWE-20: Improper Input Validation CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.1EPSS: 5%CPEs: 8EXPL: 3CVE-2021-25161 – Aruba Instant (IAP) - Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-25161
30 Mar 2021 — A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Se detectó una vulnerabilidad de tipo cross... • https://packetstorm.news/files/id/163522 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 33%CPEs: 8EXPL: 5CVE-2021-25162 – Aruba Instant (IAP) - Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-25162
30 Mar 2021 — A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Se detectó una vulnerabilidad de ejecu... • https://packetstorm.news/files/id/163522 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.9EPSS: 3%CPEs: 8EXPL: 2CVE-2021-25160 – Aruba Instant (IAP) - Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-25160
30 Mar 2021 — A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Se detectó una vulnerabilidad de modificac... • https://packetstorm.news/files/id/163522 •
CVSS: 8.5EPSS: 4%CPEs: 8EXPL: 3CVE-2021-25159 – Aruba Instant (IAP) - Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-25159
30 Mar 2021 — A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Se detectó una vulnerabilidad de modificac... • https://packetstorm.news/files/id/163522 •
CVSS: 4.9EPSS: 7%CPEs: 8EXPL: 3CVE-2021-25157 – Aruba Instant (IAP) - Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-25157
30 Mar 2021 — A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Se detectó una vulnerabilidad de lectura remota de... • https://packetstorm.news/files/id/163522 •
CVSS: 5.9EPSS: 5%CPEs: 7EXPL: 3CVE-2021-25158 – Aruba Instant (IAP) - Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-25158
30 Mar 2021 — A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Se detectó una vulnerabilidad de lectura remota de archivos arbitrarios en algunos productos Aruba ... • https://packetstorm.news/files/id/163522 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.9EPSS: 2%CPEs: 8EXPL: 3CVE-2021-25156 – Aruba Instant (IAP) - Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-25156
30 Mar 2021 — A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Se detectó una vulnerabilidad de creación d... • https://packetstorm.news/files/id/163522 •
CVSS: 8.5EPSS: 4%CPEs: 8EXPL: 4CVE-2021-25155 – Aruba Instant (IAP) - Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-25155
30 Mar 2021 — A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. Se detectó una vulnerabilidad de modificac... • https://packetstorm.news/files/id/163524 •