4.15

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-23	CVE-2015-5239	Infinite Loop vulnerability in multiple products Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. network low complexity qemu fedoraproject canonical suse arista CWE-835	6.5
2019-10-24	CVE-2019-17596	Interpretation Conflict vulnerability in multiple products Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. network low complexity golang debian fedoraproject redhat opensuse arista CWE-436	7.5
2019-08-15	CVE-2018-14008	Improper Authentication vulnerability in Arista EOS Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled. low complexity arista CWE-287	6.5
2018-04-12	CVE-2018-5254	Channel and Path Errors vulnerability in Arista EOS Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message. network low complexity arista CWE-417	7.5
2017-10-04	CVE-2017-14491	Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. network low complexity thekelleys redhat canonical debian opensuse suse nvidia huawei arista siemens arubanetworks synology CWE-787 critical	9.8