CVSS: 7.2EPSS: 0%CPEs: 38EXPL: 0CVE-2015-1388
https://notcve.org/view.php?id=CVE-2015-1388
The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors. La característica 'RAP console' en ArubaOS 5.x hasta 6.2.x, 6.3.x anterior a 6.3.1.15, y 6.4.x anterior a 6.4.2.4 en los puntos de acceso de Aruba en el modo Remote Access Point (AP) permite a atacantes remotos ejecutar comandos arbitrarios a través de vectores no especificados. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-004.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2015-1348
https://notcve.org/view.php?id=CVE-2015-1348
Heap-based buffer overflow in Aruba Instant (IAP) with firmware before 4.0.0.7 and 4.1.x before 4.1.1.2 allows remote attackers to cause a denial of service (crash or reset to factory default) via a malformed frame to the wireless interface. Desbordamiento de buffer basado en memoria dinámica en Aruba Instant (IAP) con firmware anterior a 4.0.0.7 y 4.1.x anterior a 4.1.1.2 permite a atacantes remotos causar una denegación de servicio (caída o restablecimiento de la configuración de fabrica por defecto) a través de un Frame malformado en la interfaz inalámbria. • http://www.arubanetworks.com/support/alerts/aruba-psa-2015-001.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8368
https://notcve.org/view.php?id=CVE-2014-8368
The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors. La interfaz web en Aruba Networks AirWave anterior a 7.7.14 y 8.x anterior a 8.0.5 permite a usuarios remotos autenticados ganar privilegios y ejecutar código arbitrario a través de vectores no especificados. • http://secunia.com/advisories/62578 http://www.arubanetworks.com/support/alerts/aid-11192014.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/98871 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-8367
https://notcve.org/view.php?id=CVE-2014-8367
SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x anterior a 6.3.6, y 6.4.x anterior a 6.4.2 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/62602 http://www.arubanetworks.com/support/alerts/aid-11192014.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/98870 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-6621
https://notcve.org/view.php?id=CVE-2014-6621
Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production systems, which allows remote attackers to obtain version numbers, module configuration, and other sensitive information by reading the page. Aruba Networks ClearPass anterior a 6.3.6 y 6.4.x anterior a 6.4.1 no deshabilita la página de solución de problemas y diagnóstico en los sistemas de producción, lo que permite a atacantes remotos obtener números de versión, la configuración del módulo, y otra información sensible mediante la lectura de la página. • http://secunia.com/advisories/61916 http://www.arubanetworks.com/support/alerts/aid-10282014.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •