10 matches found
CVE-2026-31431
CVE-2026-31431 is a local privilege escalation in the Linux kernel’s algif_aead/AF_ALG path. The root cause is an in-place operation bug in the AEAD handling, which can be exercised via AF_ALG sockets with the authencesn algorithm and splice() to corrupt the kernel page cache of readable files wi...
CVE-2019-17596
CVE-2019-17596 affects Go (Go before 1.12.11 and 1.3.x before 1.13.2) and can cause a panic when processing network traffic that contains an invalid DSA public key, e.g., traffic between clients and servers that verify client certificates. Connected advisories show affected Go versions and explic...
CVE-2020-13881
CVE-2020-13881 affects pam_tacplus where the TACACS+ shared secret is logged via journald/syslog when DEBUG is enabled. The initial description notes logging of the shared secret for versions 1.3.8–1.5.1. Connected advisories confirm affected packages and provide remediation: Debian/Ubuntu adviso...
CVE-2023-24546
CVE-2023-24546 affects on-prem Arista CloudVision Portal. A bug in the authorization layer allowed a malicious actor with network access to CloudVision to gain broader access to telemetry and configuration data. The attack surface is limited to CloudVision Portal deployments (not CloudVision as-a...
CVE-2019-18181
Arista CloudVision Portal is affected in all releases of the 2018.1 and 2018.2 code trains. The issue allows users with read-only permissions to bypass restrictions for certain functionality via CVP API calls through the Configlet Builder modules, potentially letting authenticated read-only users...
CVE-2022-29071
Arista CloudVision Portal (CVP) on-premises is affected. Under certain conditions, CVP user login passwords can be leaked to other authenticated users via Audit and System logs. The issue is documented in ARISTA Security Advisory 0079 and CVE-2022-29071, with fixed releases CVP 2022.1.1 and CVP 2...
CVE-2019-18615
CVE-2019-18615 applies to Arista’s CloudVision Portal (CVP) 2018.2 train. Under certain conditions, CVP logs user passwords in plain text for specific API calls: (1) devices have enable passwords different from the user login password, or (2) configlet builders use the Device class and specify us...
CVE-2016-9012
CVE-2016-9012 concerns Arista Networks CloudVision Portal (CVP) before 2016.1.2.1. The issue allows a remote authenticated user with access to the management plane to gain access to internal configuration mechanisms via the management interface, related to a request to /web/system/console/bundle....
CVE-2018-12357
CVE-2018-12357 affects Arista CloudVision Portal up to version 2018.1.1, where an incorrect permissions issue could let an authenticated user with access to Account Management read/write access access sensitive information of other users. The Red Hat and Arista advisories confirm the vulnerabilit...
CVE-2020-24333
The CVE-2020-24333 issue affects Arista’s CloudVision Portal (CVP) prior to 2020.2, where users with read-only or higher access to the Configlet Management module can download files not intended for access via a specific API. The vulnerability’s impact is the exposure of server-hosted files to au...