Eos Security Vulnerabilities and Issues — Eos CVE List

Lucene search

AristaEos

11 matches found

CVE•added 2015/08/31 10:59 a.m.•140 views

CVE-2015-3214

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

6.9CVSS6.1AI score0.0147EPSS

CVE•added 2020/01/23 8:15 p.m.•109 views

CVE-2015-5745

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.

6.5CVSS6.1AI score0.01476EPSS

CVE•added 2020/01/23 8:15 p.m.•105 views

CVE-2015-5278

The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

6.5CVSS7.3AI score0.01817EPSS

CVE•added 2020/01/23 8:15 p.m.•101 views

CVE-2015-5239

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

6.5CVSS6.4AI score0.043EPSS

CVE•added 2023/08/29 5:15 p.m.•58 views

CVE-2023-24548

On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.

6.5CVSS5.5AI score0.00054EPSS

CVE•added 2022/08/05 5:15 p.m.•54 views

CVE-2021-28511

This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an I...

6.5CVSS6.1AI score0.0006EPSS

CVE•added 2022/05/26 8:15 p.m.•44 views

CVE-2021-28508

This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to ot...

6.8CVSS6.2AI score0.0015EPSS

CVE•added 2022/05/26 8:15 p.m.•43 views

CVE-2021-28509

6.1CVSS6.2AI score0.00142EPSS

CVE•added 2021/10/21 5:15 p.m.•40 views

CVE-2021-28496

On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the devic...

6.5CVSS6AI score0.00087EPSS

CVE•added 2019/08/15 5:15 p.m.•36 views

CVE-2018-14008

Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled.

6.5CVSS6.6AI score0.00136EPSS

CVE•added 2018/03/05 6:29 p.m.•36 views

CVE-2018-5255

The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before 4.20.2F allows remote attackers to cause a denial of service (agent restart) via crafted UDP packets.

6.5CVSS6.3AI score0.00605EPSS