The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resour...
7.5CVSS
7.3AI Score
0.012EPSS
Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions a...
9.8CVSS
9.7AI Score
0.01EPSS
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."
7.5CVSS
6.2AI Score
0.006EPSS
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
9.8CVSS
9.1AI Score
0.303EPSS
A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take administrative actions on the Instant cluster, or expose the session c...
6.1CVSS
6AI Score
0.001EPSS
A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would ...
7.2CVSS
7.2AI Score
0.002EPSS
If a process running within Aruba Instant crashes, it may leave behind a "core dump", which contains the memory contents of the process at the time it crashed. It was discovered that core dumps are stored in a way that unauthenticated users can access them through the Aruba Instant web interface. C...
7.5CVSS
7.3AI Score
0.002EPSS
A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete fil...
9.8CVSS
9.8AI Score
0.004EPSS
A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Arub...
6.8CVSS
6.7AI Score
0.001EPSS
A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability.
6.5CVSS
6.2AI Score
0.001EPSS
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Ins...
9.8CVSS
9.7AI Score
0.005EPSS
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802...
3.5CVSS
6.4AI Score
0.003EPSS
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; A...
7.2CVSS
7.3AI Score
0.005EPSS
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; A...
9.8CVSS
9.6AI Score
0.014EPSS
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.
6.5CVSS
6.7AI Score
0.002EPSS
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented fr...
5.3CVSS
6AI Score
0.001EPSS
A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that a...
7.5CVSS
7.5AI Score
0.002EPSS
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Ins...
8.8CVSS
8.9AI Score
0.003EPSS
A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0...
6.5CVSS
6.4AI Score
0.001EPSS
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; A...
7.2CVSS
7.3AI Score
0.005EPSS
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba...
8.1CVSS
8.1AI Score
0.001EPSS
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Ins...
9.8CVSS
9.7AI Score
0.006EPSS
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. A...
8.8CVSS
8.9AI Score
0.004EPSS
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and bel...
6.5CVSS
6.5AI Score
0.007EPSS
A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and belo...
4.9CVSS
5.3AI Score
0.016EPSS
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Arub...
4.9CVSS
5.2AI Score
0.05EPSS
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant...
5.9CVSS
5.8AI Score
0.105EPSS
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and bel...
6.5CVSS
6.6AI Score
0.027EPSS
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and bel...
4.9CVSS
5.3AI Score
0.001EPSS
A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and belo...
6.1CVSS
6.1AI Score
0.005EPSS
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and...
8.1CVSS
8.3AI Score
0.533EPSS
A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that addres...
9.8CVSS
9.6AI Score
0.005EPSS
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS...
7.2CVSS
7AI Score
0.003EPSS
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS...
7.2CVSS
7AI Score
0.003EPSS
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and ...
7.2CVSS
7AI Score
0.003EPSS
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and ...
7.2CVSS
7AI Score
0.003EPSS
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and ...
7.2CVSS
7AI Score
0.003EPSS
A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability.
7.2CVSS
7.1AI Score
0.002EPSS
A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability.
7.2CVSS
7.1AI Score
0.002EPSS
A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gatew...
8.1CVSS
8AI Score
0.001EPSS
A remote buffer overflow vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 8.7.x.x: 8.7.0.0 through 8.7.1.2. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.
9.8CVSS
9.7AI Score
0.006EPSS
A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1...
7.2CVSS
7.2AI Score
0.003EPSS
A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Aruba has released patches for ArubaOS that address this security vulnerability.
6.5CVSS
6.2AI Score
0.001EPSS
A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ...
6.5CVSS
6.4AI Score
0.001EPSS
A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant ...
7.2CVSS
7.2AI Score
0.003EPSS
A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address ...
6.2CVSS
6.2AI Score
0.001EPSS
A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.11 and below; Aruba Instant 8.6.x.x: 8.6.0.6 and below; Aruba Instant 8...
7.2CVSS
7.2AI Score
0.003EPSS
A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address...
4.9CVSS
5.1AI Score
0.001EPSS
A remote unauthorized read access to files vulnerability was discovered in Aruba Instant version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.19 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 a...
6.5CVSS
6.3AI Score
0.001EPSS
A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerab...
5.3CVSS
5.4AI Score
0.002EPSS