Vulnerabilities > Arista
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-23 | CVE-2015-5278 | Infinite Loop vulnerability in multiple products The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets. | 6.5 |
| 2020-01-23 | CVE-2015-5239 | Infinite Loop vulnerability in multiple products Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. | 6.5 |
| 2019-12-19 | CVE-2019-18181 | Unspecified vulnerability in Arista Cloudvision Portal In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. | 7.8 |
| 2019-12-19 | CVE-2019-18615 | Insufficiently Protected Credentials vulnerability in Arista Cloudvision Portal 2018.2.0/2018.2.3 In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. | 4.9 |
| 2019-10-24 | CVE-2019-17596 | Interpretation Conflict vulnerability in multiple products Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. | 7.5 |
| 2019-10-10 | CVE-2019-14810 | Race Condition vulnerability in Arista Extensible Operating System A vulnerability has been found in the implementation of the Label Distribution Protocol (LDP) protocol in EOS. | 5.9 |
| 2019-08-15 | CVE-2018-14008 | Improper Authentication vulnerability in Arista EOS Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled. | 6.5 |
| 2019-08-15 | CVE-2018-12357 | Incorrect Permission Assignment for Critical Resource vulnerability in Arista Cloudvision Portal Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions. | 6.5 |
| 2018-04-12 | CVE-2018-5254 | Channel and Path Errors vulnerability in Arista EOS Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message. | 7.5 |
| 2018-03-05 | CVE-2018-5255 | Unspecified vulnerability in Arista EOS The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before 4.20.2F allows remote attackers to cause a denial of service (agent restart) via crafted UDP packets. | 6.5 |