CVE-2024-5872 On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc.
On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc...
CVE-2024-5872
CVE-2024-5872 affects Arista EOS where a specially crafted packet with an incorrect VLAN tag can be copied to the CPU, potentially causing incorrect control plane behavior (e.g., route flaps, learned multicast routes). The issue is rooted in how VLAN-tagged packets may be misrouted to the CPU und...
SUSE CVE-2024-56513
Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, the PULL mode clusters registered with the karmadactl register command have excessive privileges to access control plane resources...
Arista EOS Security Vulnerability
Arista EOS is a fully programmable, highly modular, Linux-based network operating system from Arista USA. A security vulnerability exists in Arista EOS that stems from the fact that specially crafted packets with incorrect VLAN tags may be copied to the CPU, which may result in incorrect control...
CVE-2024-56513
Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, the PULL mode clusters registered with the karmadactl register command have excessive privileges to access control plane resources...
Karmada PULL Mode Cluster Privilege Escalation
Impact: The PULL mode clusters registered with the karmadactl register command have excessive privileges to access control plane resources. By abusing these permissions, an attacker able to authenticate as the karmada-agent to a karmada cluster...
CVE-2024-56513
Karmada PULL mode clusters were granted excessive access to control plane resources before v1.12.0. An attacker who can authenticate as the karmada-agent could obtain administrative privileges over the entire federation, including all member clusters. Since v1.12.0, karmadactl register tightens p...
CVE-2024-56513 Karmada PULL Mode Cluster Privilege Escalation
Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, the PULL mode clusters registered with the karmadactl register command have excessive privileges to access control plane resources...
CVE-2024-55582
Oxide before 6 has unencrypted Control Plane datastores...
Oxide Security Vulnerability
Oxide is a cloud platform from Oxide, Inc. A security vulnerability exists in versions prior to Oxide 6 that stems from having unencrypted control plane data storage...
CVE-2024-55582
CVE-2024-55582 affects Oxide prior to version 6, where the control plane datastores are unencrypted. Root cause: storage of control plane data without encryption. Impact (per sources): potential exposure or modification of sensitive control-plane information, reflected in the CVSS vector (high co...
CVE-2023-50913
Oxide control plane software before 5 allows SSRF...
CVE-2023-50913
The CVE-2023-50913 entry refers to the Oxide control plane software prior to version 5, where a Server-Side Request Forgery (SSRF) vulnerability is present. The issue affects the Oxide control plane software and is characterized by SSRF with high impact to confidentiality and integrity (per CVSS ...
PT-2024-14005 · Oxide · Oxide
Name of the Vulnerable Software and Affected Versions: Oxide control plane software versions prior to 5. Description: The issue allows Server-Side Request Forgery (SSRF), which is a type of attack where an attacker can trick a server into making requests to internal or external systems. This can...
CVE-2024-50274
In the Linux kernel, the following vulnerability has been resolved: idpf: avoid vport access in idpf_get_link_ksettings. When the device control plane is removed or the platform running device control plane is rebooted, a reset is detected on the driver. On driver reset, it releases the resources and...
SUSE CVE-2024-53064
In the Linux kernel, the following vulnerability has been resolved: idpf: fix idpf_vc_core_init error path. In an event where the platform running the device control plane is rebooted, reset is detected on the driver. It releases all the resources and waits for the reset to complete. Once the reset i...