Filtered by vendor Arubanetworks
Subscribe
Total
557 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-37168 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 8.2 HIGH |
| Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote malicious actor to delete arbitrary files within the affected system and potentially result in denial-of-service conditions on affected devices. | |||||
| CVE-2025-37181 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2026-01-20 | N/A | 7.2 HIGH |
| Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized data access or data manipulation. | |||||
| CVE-2025-37182 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2026-01-20 | N/A | 7.2 HIGH |
| Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized data access or data manipulation. | |||||
| CVE-2025-37183 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2026-01-20 | N/A | 7.2 HIGH |
| Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized data access or data manipulation. | |||||
| CVE-2025-37185 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2026-01-20 | N/A | 5.5 MEDIUM |
| Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attacks against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface and thereby make unauthorized arbitrary configuration changes to the host. | |||||
| CVE-2025-37163 | 1 Arubanetworks | 1 Airwave | 2025-12-03 | N/A | 7.2 HIGH |
| A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system. | |||||
| CVE-2025-37135 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 6.5 MEDIUM |
| Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system. | |||||
| CVE-2025-37136 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 6.5 MEDIUM |
| Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system. | |||||
| CVE-2025-37137 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 6.5 MEDIUM |
| Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system. | |||||
| CVE-2025-37138 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 6.2 MEDIUM |
| An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility Conductor operating system. Exploitation of this vulnerability requires physical access to the hardware controllers. A successful attack could allow an authenticated malicious actor with physical access to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2025-37140 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
| Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits. | |||||
| CVE-2025-37141 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
| Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits. | |||||
| CVE-2025-37142 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
| Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits. | |||||
| CVE-2025-27085 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
| Multiple vulnerabilities exist in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. | |||||
| CVE-2025-27084 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 5.4 MEDIUM |
| A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. Successful exploitation could enable the attacker to execute arbitrary script code in the victim's browser within the context of the affected interface. | |||||
| CVE-2025-27082 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 7.2 HIGH |
| Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlying host operating system. | |||||
| CVE-2025-27083 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 7.2 HIGH |
| Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an Authenticated attacker to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2025-37143 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
| An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated malicious actor to download arbitrary files through carefully constructed exploits. | |||||
| CVE-2025-37144 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
| Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits. | |||||
| CVE-2025-37145 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
| Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits. | |||||