Arista

Eos

61 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2020-15897

Exploit
  • EPSS 0.69%
  • Veröffentlicht 26.10.2020 16:15:13
  • Zuletzt bearbeitet 21.11.2024 05:06:24

Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router.

7.5

CVE-2020-17355

  • EPSS 0.56%
  • Veröffentlicht 21.10.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 05:07:56

Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DHCP packet which leads to an incorrect route being i...

7.5

CVE-2019-18948

  • EPSS 0.46%
  • Veröffentlicht 16.04.2020 19:15:22
  • Zuletzt bearbeitet 21.11.2024 04:33:53

An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Arista’s EOS VxLAN code, which can allow attackers to crash the VxlanSwFwd agent. This affects EOS 4.21.8M an...

10

CVE-2020-10188

  • EPSS 8.4%
  • Veröffentlicht 06.03.2020 15:15:14
  • Zuletzt bearbeitet 21.01.2026 02:15:47

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

3.5

CVE-2015-6815

  • EPSS 2.25%
  • Veröffentlicht 31.01.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 02:35:42

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecifie...

6.5

CVE-2015-5745

Exploit
  • EPSS 1.92%
  • Veröffentlicht 23.01.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 02:33:45

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.

6.5

CVE-2015-5278

  • EPSS 1.85%
  • Veröffentlicht 23.01.2020 20:15:11
  • Zuletzt bearbeitet 21.11.2024 02:32:42

The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

6.5

CVE-2015-5239

  • EPSS 5.06%
  • Veröffentlicht 23.01.2020 20:15:11
  • Zuletzt bearbeitet 21.11.2024 02:32:37

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

7.5

CVE-2019-17596

Exploit
  • EPSS 2.34%
  • Veröffentlicht 24.10.2019 22:15:10
  • Zuletzt bearbeitet 21.11.2024 04:32:36

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

6.5

CVE-2018-14008

  • EPSS 0.18%
  • Veröffentlicht 15.08.2019 17:15:11
  • Zuletzt bearbeitet 21.11.2024 03:48:26

Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled.