CVSS: 7.8EPSS: 6%CPEs: 127EXPL: 0CVE-2018-5390 – Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service
https://notcve.org/view.php?id=CVE-2018-5390
06 Aug 2018 — Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. El kernel de Linux en versiones 4.9 y siguientes pueden forzarse a realizar llamadas muy caras a tcp_collapse_ofo_queue() y tcp_prune_ofo_queue() para cada paquete entrante, lo que puede conducir a una denegación de servicio. A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP pac... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7058
https://notcve.org/view.php?id=CVE-2018-7058
06 Aug 2018 — Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent. Aruba ClearPass, en todas las versiones 6.6.x anteriores a la 6.6.9, se han visto afe... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7059
https://notcve.org/view.php?id=CVE-2018-7059
06 Aug 2018 — Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the "mon" permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only present when authenticated as a user with "mon" permission. Aruba ClearPass en versiones anteriores a la 6.6.9 tiene una vulnerabilidad en la API que ayuda a coordinar acciones del clúster. Un usuario autenticado con el permiso "mon" ... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 2%CPEs: 1EXPL: 0CVE-2017-9001
https://notcve.org/view.php?id=CVE-2017-9001
06 Aug 2018 — Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lockout", which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an unauthenticated user to execute arbitrary commands on the underlying operating system with "root" privilege level. This vulnerability is only present when a specific feature has been enabled. The SSH Lockout feature is not enabled by def... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9002
https://notcve.org/view.php?id=CVE-2017-9002
06 Aug 2018 — All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into ClearPass in the same browser. Todas las versiones de Aruba ClearPass anteriores a la 6.6.8 contiene... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 26%CPEs: 1EXPL: 0CVE-2017-5824 – HPE Security Bulletin HPESBHF03730 1
https://notcve.org/view.php?id=CVE-2017-5824
27 May 2017 — An unauthenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. Se ha encontrado una vulnerabilidad de ejecución remota de código sin autenticar en HPE Aruba ClearPass Policy Manager 6.6.x. Potential security vulnerabilities have been identified in HPE Aruba ClearPass Policy Manager. The vulnerabilities could be remotely exploited to allow access restriction bypass, arbitrary command execution, cross site scripting (XSS), escalation of privilege and disc... • http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5825 – HPE Security Bulletin HPESBHF03730 1
https://notcve.org/view.php?id=CVE-2017-5825
27 May 2017 — A privilege escalation vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. Se ha encontrado una vulnerabilidad de escalado de privilegios en HPE Aruba ClearPass Policy Manager 6.6.x. Potential security vulnerabilities have been identified in HPE Aruba ClearPass Policy Manager. The vulnerabilities could be remotely exploited to allow access restriction bypass, arbitrary command execution, cross site scripting (XSS), escalation of privilege and disclosure of information. Revision 1 of... • http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2017-5826 – HPE Security Bulletin HPESBHF03730 1
https://notcve.org/view.php?id=CVE-2017-5826
27 May 2017 — An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. Se ha encontrado una vulnerabilidad de ejecución remota de código autenticada en HPE Aruba ClearPass Policy Manager 6.6.x. Potential security vulnerabilities have been identified in HPE Aruba ClearPass Policy Manager. The vulnerabilities could be remotely exploited to allow access restriction bypass, arbitrary command execution, cross site scripting (XSS), escalation of privilege and disclosur... • http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5827 – HPE Security Bulletin HPESBHF03730 1
https://notcve.org/view.php?id=CVE-2017-5827
27 May 2017 — A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. Se ha encontrado una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en HPE Aruba ClearPass Policy Manager 6.6.x. Potential security vulnerabilities have been identified in HPE Aruba ClearPass Policy Manager. The vulnerabilities could be remotely exploited to allow access restriction bypass, arbitrary command execution, cross site scripting (XSS), escalation of privilege and disclosure of inf... • http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5828 – HPE Security Bulletin HPESBHF03730 1
https://notcve.org/view.php?id=CVE-2017-5828
27 May 2017 — An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found. Se ha encontrado una vulnerabilidad de ejecución de comandos arbitrarios en HPE Aruba ClearPass Policy Manager 6.6.x. Potential security vulnerabilities have been identified in HPE Aruba ClearPass Policy Manager. The vulnerabilities could be remotely exploited to allow access restriction bypass, arbitrary command execution, cross site scripting (XSS), escalation of privilege and disclosure of informat... • http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt • CWE-611: Improper Restriction of XML External Entity Reference •