Filtered by vendor Hpe
Subscriptions
Total
257 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-37158 | 1 Hpe | 1 Arubaos-cx | 2026-02-26 | 6.7 Medium |
| A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system. | ||||
| CVE-2025-37159 | 1 Hpe | 1 Arubaos-cx | 2026-02-26 | 5.8 Medium |
| A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data. | ||||
| CVE-2025-37163 | 2 Arubanetworks, Hpe | 2 Airwave, Aruba Airwave | 2026-02-26 | 7.2 High |
| A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system. | ||||
| CVE-2025-37164 | 1 Hpe | 1 Oneview | 2026-02-26 | 10 Critical |
| A remote code execution issue exists in HPE OneView. | ||||
| CVE-2025-37169 | 3 Arubanetworks, Hp, Hpe | 3 Arubaos, Arubaos, Arubaos | 2026-02-26 | 7.2 High |
| A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2025-37170 | 2 Arubanetworks, Hpe | 2 Arubaos, Arubaos | 2026-02-26 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2025-37171 | 2 Arubanetworks, Hpe | 2 Arubaos, Arubaos | 2026-02-26 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2025-37172 | 2 Arubanetworks, Hpe | 2 Arubaos, Arubaos | 2026-02-26 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2025-37173 | 3 Arubanetworks, Hp, Hpe | 3 Arubaos, Arubaos, Arubaos | 2026-02-26 | 7.2 High |
| An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor with valid credentials to trigger unintended behavior on the affected system. | ||||
| CVE-2025-37174 | 2 Arubanetworks, Hpe | 2 Arubaos, Arubaos | 2026-02-26 | 7.2 High |
| Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2025-37175 | 3 Arubanetworks, Hp, Hpe | 3 Arubaos, Arubaos, Arubaos | 2026-02-26 | 7.2 High |
| Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privilege user and execute arbitrary commands on the underlying operating system. | ||||
| CVE-2025-37176 | 3 Arubanetworks, Hp, Hpe | 3 Arubaos, Arubaos, Arubaos | 2026-02-26 | 6.5 Medium |
| A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privileges of the impacted mechanism. | ||||
| CVE-2026-23599 | 1 Hpe | 1 Aruba Networking Clearpass Policy Manager | 2026-02-18 | 7.8 High |
| A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges. | ||||
| CVE-2025-37162 | 2 Arubanetworks, Hpe | 2 Arubaos, Aruba Networking 100 Series Cellular Bridge | 2026-02-13 | 6.5 Medium |
| A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. | ||||
| CVE-2025-37177 | 3 Arubanetworks, Hp, Hpe | 3 Arubaos, Arubaos, Arubaos | 2026-01-23 | 6.5 Medium |
| An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could allow an authenticated remote malicious actor to delete arbitrary files within the affected system. | ||||
| CVE-2025-37178 | 3 Arubanetworks, Hp, Hpe | 3 Arubaos, Arubaos, Arubaos | 2026-01-23 | 5.3 Medium |
| Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential denial-of-service of the compromised process. | ||||
| CVE-2025-37179 | 3 Arubanetworks, Hp, Hpe | 3 Arubaos, Arubaos, Arubaos | 2026-01-23 | 5.3 Medium |
| Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential denial-of-service of the compromised process. | ||||
| CVE-2025-37168 | 3 Arubanetworks, Hp, Hpe | 3 Arubaos, Arubaos, Arubaos | 2026-01-23 | 8.2 High |
| Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote malicious actor to delete arbitrary files within the affected system and potentially result in denial-of-service conditions on affected devices. | ||||
| CVE-2025-37181 | 2 Arubanetworks, Hpe | 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator | 2026-01-20 | 7.2 High |
| Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized data access or data manipulation. | ||||
| CVE-2025-37182 | 2 Arubanetworks, Hpe | 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator | 2026-01-20 | 7.2 High |
| Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized data access or data manipulation. | ||||