CVE-2022-37891

Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS...

EUVD-2023-26906

Malicious code in bioql PyPI...

EUVD-2023-26908

Malicious code in bioql PyPI...

EUVD-2023-26907

Malicious code in bioql PyPI...

EUVD-2022-40498

Malicious code in bioql PyPI...

EUVD-2023-26905

Malicious code in bioql PyPI...

Siemens SCALANCE W1750D Command Injection (CVE-2023-22790)

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This plugin on...

Siemens SCALANCE W1750D Command Injection (CVE-2023-22788)

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This plugin on...

Siemens SCALANCE W1750D Improper Input Validation (CVE-2023-22787)

An unauthenticated Denial of Service DoS vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point. This plugin on...

Siemens SCALANCE W1750D Command Injection (CVE-2023-22789)

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This plugin on...

Siemens SCALANCE W1750D Exposure of Sensitive Information to an Unauthorized Actor (CVE-2023-22791)

A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in whi...

CVE-2023-22787

An unauthenticated Denial of Service DoS vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point...

CVE-2023-22789

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

CVE-2023-22788

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

CVE-2023-22791

A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in whi...

Denial of service

An unauthenticated Denial of Service DoS vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point...

Information disclosure

A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in whi...

Command injection

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

Command injection

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

CVE-2023-22791

CVE-2023-22791 affects Aruba InstantOS and ArubaOS 10, where an edge-case combination of network configuration and WLAN environment with an attacker who has valid credentials can disclose potentially sensitive information over the WLAN. The vulnerability is documented across multiple sources (NVD...