Vulnerabilities > Arista
| Date | CVE | Title | Description | Score |
|---|---|---|---|---|
| 2019-08-15 | CVE-2018-14008 | Improper Authentication vulnerability in Arista EOS | Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled. | 3.3 |
| 2019-08-15 | CVE-2018-12357 | Incorrect Permission Assignment for Critical Resource vulnerability in Arista CloudVision Portal | Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions. | 4.0 |
| 2018-04-12 | CVE-2018-5254 | Channel and Path Errors vulnerability in Arista EOS | Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message. | 5.0 |
| 2018-03-05 | CVE-2018-5255 | Unspecified vulnerability in Arista EOS | The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before 4.20.2F allows remote attackers to cause a denial of service (agent restart) via crafted UDP packets. | 4.0 |
| 2018-01-03 | CVE-2017-18017 | Use After Free vulnerability in multiple products | The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. | 9.8 |
| 2017-10-04 | CVE-2017-14491 | Out-of-bounds Write vulnerability in multiple products | Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. | 7.5 |
| 2017-01-23 | CVE-2016-9012 | Permissions, Privileges, and Access Controls vulnerability in Arista CloudVision Portal | CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle. | 6.5 |
| 2017-01-04 | CVE-2016-6894 | Resource Management Errors vulnerability in Arista products | Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets to the control plane. | 7.8 |
| 2015-11-19 | CVE-2015-8236 | Permissions, Privileges, and Access Controls vulnerability in Arista EOS | Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716. | 10.0 |
| 2015-11-06 | CVE-2015-6855 | Divide By Zero vulnerability in multiple products | hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. | 5.0 |