Archive of Security Advisories

Advisories

• ClearPass Policy Manager Multiple Vulnerabilities – 04/14/2020
• WPA and WPA2 Disassociation Vulnerability ("Kr00k") – 02/28/2020
• AirWave Management Platform Multiple Vulnerabilities – 02/25/2020
• Information Disclosure in Web Management Interface for Aruba Intelligent Edge Switches – 02/11/2020
• Aruba Mobility Controller Multiple Remote Code Execution Vulnerabilities – 09/03/2019
• Aruba Impact for CPU Side-Channel Attacks – 06/25/2019
• WPA3 Multiple Vulnerabilities – 04/16/2019
• Aruba Instant Multiple Vulnerabilities – 02/27/2019
• ClearPass Policy Manager Multiple Vulnerabilities – 11/07/2018
• Aruba BLE Radio Firmware Vulnerability – 10/18/2018
• Apache Struts Vulnerability in ClearPass Policy Manager – 08/24/2018
• Linux Kernel Vulnerabilities in ClearPass and AirWave – 08/24/2018
• Return Of Bleichenbacher's Oracle Threat (ROBOT) – 03/28/2018
• ClearPass Policy Manager Multiple Vulnerabilities – 03/21/2018
• Unauthorized Memory Disclosure through CPU Side-Channel Attacks ("Meltdown" and "Spectre") – 01/04/2018
• WPA2 Key Reinstallation Vulnerabilities (CVE-2017-13077) – 10/16/2017
  • Read the FAQ
• ArubaOS Multiple Vulnerabilities – 10/11/2017
• Multiple Vulnerabilities in 'dnsmasq' – 10/11/2017
• ClearPass Policy Manager Multiple Vulnerabilities – 09/27/2017
• Apache Struts Multiple Vulnerabilities – 09/11/2017
• HPE Aruba ClearPass Policy Manager, Multiple Vulnerabilities – 06/14/2017
• Aruba AirWave Glass, Remote Code Execution – 05/24/2017
• Aruba ClearPass Policy Manager, Multiple Vulnerabilities – 05/24/2017
• Apache Struts Remote Code Execution Vulnerability – 03/10/2017
• AirWave Management Platform Multiple Vulnerabilities – 01/18/2017
• "Dirty Cow" Linux Kernel Vulnerability (CVE-2016-5195) – 11/04/2016
• ClearPass Policy Manager Multiple Vulnerabilities – 09/21/2016
• ClearPass Policy Manager Multiple Vulnerabilities – 06/01/2016
• ArubaOS Multiple Vulnerabilities – 05/11/2016
• ClearPass Policy Manager Multiple Vulnerabilities – 05/11/2016
• ArubaOS PAPI Vulnerabilities – 05/04/2016
• Aruba Instant Multiple Vulnerabilities – 05/04/2016
• AirWave Management Platform Multiple Vulnerabilities – 05/04/2016
• SAMR and LSA man in the middle attacks ("BADLOCK") – 04/22/2016
• OpenSSL Multiple Vulnerabilities (March 2016) – 03/03/2016
• glibc getaddrinfo() Stack-Based Buffer Overflow – 02/18/2016
• ArubaOS Multiple Vulnerabilities – 11/30/2015
• Network Time Protocol Daemon (NTPD) Multiple Vulnerabilities – 11/30/2015
• ClearPass Policy Manager Multiple Vulnerabilities – 08/20/2015
• OpenSSL Alternative chains certificate forgery – 07/10/2015
• OpenSSL Multiple Vulnerabilities (19 March 2015) – 03/26/2015
• ClearPass Policy Manager Multiple Vulnerabilities – 03/25/2015
• AirWave Multiple Vulnerabilities – 03/18/2015
• Aruba Remote Access Point (RAP) Command Injection – 03/18/2015
• OpenSSL Multiple Vulnerabilities (08 January 2015) – 02/05/2015
• Buffer Overflow in glibc, aka “GHOST” – 02/05/2015
• Aruba Instant (IAP) Wireless DoS Attack – 01/27/2015
• Airwave Privilege Escalation and CPPM SQL Injection (CVE-2014-8367, CVE-2014-8368) – 11/19/2014
• Aruba ClearPass Multiple Vulnerabilities (October 2014) – 10/28/2014
• SSL 3.0 “POODLE” Attack – 10/14/2014
• ArubaOS Authentication Bypass Vulnerability – 10/07/2014
• GNU bash Shell Multiple Vulnerabilities – 09/25/2014
• OpenSSL Multiple Vulnerabilities (August 2014) – 08/18/2014
• SQL Injection and Credential Disclosure Vulnerability in Aruba Networks ClearPass Policy Manager – 07/03/2014
• OpenSSL Multiple Vulnerabilities (CVE-2014-0224) – 06/06/2014
• Apache Struts2 Vulnerabilities (CVE-2014-0050, CVE-2014-0094, CVE-2014-0112, CVE-2014-0113) in ClearPass Policy Manager – 05/14/2014
• Privilege Elevation Vulnerabilities (CVE-2014-2071, CVE-2014-2101) in ClearPass Policy Manager – 05/02/2014
• OpenSSL 1.0.1 library (Heartbleed) vulnerability (CVE-2014-0160) – 04/08/2014
• Apache Struts2 Vulnerability in Aruba Networks ClearPass Policy Manager (CVE-2013-2248, CVE-2013-2251) – 08/01/2013
• Sponsor Confirmation Approval Bypass Vulnerability in Aruba Networks ClearPass Guest product – 05/08/2013
• Multiple Vulnerabilities in OpenSSL (CVE-2013-0169, CVE-2013-0166) – 04/26/2013
• Multiple advisories: OS command injection in RAP web interface and 802.1X EAP-TLS User Authentication Bypass Vulnerability. – 03/19/2012
• Cross Site Scripting vulnerability in ArubaOS Administration WebUI – 03/18/2012
• Cross Site Scripting vulnerability in ArubaOS and AirWave Administration Web Interfaces – 06/07/2011
• Aruba Mobility Controller – multiple advisories: DoS and authentication bypass – 01/31/2011
• TLS Protocol Session Renegotiation Security Vulnerability – 02/08/2010
• Malformed 802.11 Association Request frame causes Denial of Service condition on an Access Point – 10/26/2009
• Management User Authentication Bypass Vulnerability When Using Public Key Based SSH Authentication – 04/23/2009
• DoS Vulnerability in Aruba Mobility Controller Caused by Malformed EAP Frame – 12/08/2008
• Aruba Mobility Controller TACACS User Authentication and Cross Site Scripting Vulnerabilities – 05/14/2008
• Aruba Mobility Controller User Authentication Vulnerability – 12/22/2007
• Aruba Mobility Controller Management Interface Session Cookie Vulnerability – 09/04/2007
• Aruba Mobility Controller Management Interface Login Pages Cross-Site Scripting – 09/03/2007
• Mobility Controller Management Interface Buffer Overflow – 02/13/2007
• Aruba Mobility Controller Guest User Privilege Escalation – 02/13/2007
• VPN ISAKMP Message Processing Denial of Service – 11/13/2005
• SSH Tunneling (Port Forwarding) Through the Aruba Devices is Allowed – 06/14/2005
• IPsec Configurations May Be Vulnerable to Information Disclosure – 05/10/2005
• Risk of Multiple Denial of Service Attacks Using Modified ICMP Packets – 04/19/2005
• Aruba Switches are Vulnerable to a PPTP Exploit – 02/10/2005
• ISC DHCP Contains C Includes That Define “vsnprintf” to “vsprintf” Creating Potential Buffer Overflow Conditions – 06/15/2004
• ISC DHCPD Contains a Stack Buffer Overflow Vulnerability in Handling Log Lines Containing ASCII Characters Only – 06/14/2004
• IEEE 802.11 Wireless Network Protocol DSSS CCA Algorithm Vulnerable to Denial of service – 04/17/2004
• SSH Vulnerabilities – 11/18/2003