CVE-2021-26966
published 2021-03-05
CVE-2021-26966: A remote authenticated SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities…
Priority P336 · medium · 6.5 (CVSS 3.1)
AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:N
EPSS: 1.13% (62.3th percentile)
A remote authenticated SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arubanetworks | airwave | < 8.2.12.0 | 8.2.12.0 |
| linux | linux_kernel | >= 0 < 4.4.0-269.303 | 4.4.0-269.303 |
| linux | linux_kernel | >= 0 < 4.15.0-238.250 | 4.15.0-238.250 |
CVSS provenance
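| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |
| nvd | v2.0 | 5.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N |
| osv | | 5.5 | MEDIUM | |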
OSV
linux-azure vulnerabilities
osv·2025-06-09·CVSS 5.5
CVE-2024-56596 linux-azure vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-56596, CVE-2024-47701, CVE-2024-26966, CVE-2021-47211,
CVE-2024-42301, CVE-2024-57850, CVE-2024-53168, CVE-2024-53155,
CVE-2024-56551)
OSV
linux-azure, linux-azure-4.15 vulnerabilities
osv·2025-06-09·CVSS 5.5
CVE-2024-57850 linux-azure, linux-azure-4.15 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-57850, CVE-2024-42301, CVE-2024-53155, CVE-2024-53168,
CVE-2024-26966, CVE-2021-47211, CVE-2024-56596, CVE-2024-56551,
CVE-2024-47701)
OSV
linux-azure-fips vulnerabilities
osv·2025-06-09·CVSS 5.5
CVE-2024-56551 linux-azure-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-56551, CVE-2024-47701, CVE-2024-57850, CVE-2024-26966,
CVE-2021-47211, CVE-2024-56596, CVE-2024-53155, CVE-2024-42301,
CVE-2024-53168)
OSV
linux-fips vulnerabilities
osv·2025-06-06·CVSS 5.5
CVE-2024-56551 linux-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-56551, CVE-2024-53155, CVE-2024-53168, CVE-2024-42301,
CVE-2021-47211, CVE-2024-47701, CVE-2024-26966, CVE-2024-57850,
CVE-2024-56596)
OSV
linux, linux-aws, linux-kvm vulnerabilities
osv·2025-06-04·CVSS 5.5
CVE-2024-42301 linux, linux-aws, linux-kvm vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-42301, CVE-2024-56596, CVE-2024-56551, CVE-2023-52458,
CVE-2024-57850, CVE-2024-47701, CVE-2024-53168, CVE-2021-47211,
CVE-2024-53155, CVE-2024-26966, CVE-2021-47353)
OSV
linux-aws-fips, linux-gcp-fips vulnerabilities
osv·2025-06-04·CVSS 5.5
CVE-2024-53155 linux-aws-fips, linux-gcp-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-53155, CVE-2024-47701, CVE-2021-47211, CVE-2024-56596,
CVE-2024-42301, CVE-2024-57850, CVE-2024-56551, CVE-2024-26966,
CVE-2024-53168)
OSV
linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
osv·2025-06-04·CVSS 5.5
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-42301, CVE-2024-53168, CVE-2024-47701, CVE-2021-47211,
CVE-2024-53155, CVE-2024-56596, CVE-2024-26966, CVE-2024-56551,
CVE-2024-57850)
OSV
linux-aws, linux-lts-xenial vulnerabilities
osv·2025-06-04·CVSS 5.5
CVE-2024-42301 linux-aws, linux-lts-xenial vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-42301, CVE-2024-53168, CVE-2024-57850, CVE-2024-47701,
CVE-2021-47211, CVE-2023-52458, CVE-2024-56551, CVE-2024-26966,
CVE-2024-53155, CVE-2024-56596, CVE-2021-47353)
OSV
linux-fips vulnerabilities
osv·2025-06-04·CVSS 5.5
CVE-2024-42301 linux-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-42301, CVE-2024-26966, CVE-2023-52458, CVE-2024-47701,
CVE-2024-53155, CVE-2021-47211, CVE-2024-57850, CVE-2024-56551,
CVE-2021-47353, CVE-2024-56596, CVE-2024-53168)
GHSA
GHSA-h36f-59v7-5qgj: A remote authenticated SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8
ghsa_unreviewed·2022-05-24
CVE-2021-26966 [MEDIUM] CWE-89 GHSA-h36f-59v7-5qgj: A remote authenticated SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8
A remote authenticated SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-03-05
Published