
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Aruba AirWave before 8.0.7 allows XSS attacks against an administrator. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt • CWE-20: Improper Input Validation

CVSS: 7.8 • EPSS: 74% • CPEs: 127 • EXPL: 0

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet, which can lead to a denial of service. A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time- and calculation-expensive calls to the tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions, which could lead to CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/07/06/3 http://www.openwall.com/lists/oss-security/2019/07/06/4 http://www.securityfocus.com/bid/104976 http://www.securitytracker.com/id/1041424 http://www.securitytracker.com/id/1041434 https://access.redhat.co • CWE-400: Uncontrolled Resource Consumption