Product:

Eos

(Arista)
Repositories https://github.com/torvalds/linux
#Vulnerabilities 44
Date Id Summary Products Score Patch Annotated
2015-08-31 CVE-2015-3214 The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. Eos, Debian_linux, Emc_px12\-400r_ivx, Emc_px12\-450r_ivx, Linux_kernel, Qemu, Enterprise_linux_compute_node_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_from_rhui, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_workstation, Openstack, Virtualization N/A
2020-01-23 CVE-2015-5239 Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. Eos, Ubuntu_linux, Fedora, Qemu, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit 6.5
2020-01-23 CVE-2015-5745 Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message. Eos, Fedora, Qemu 6.5
2015-11-06 CVE-2015-6855 hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. Eos, Ubuntu_linux, Debian_linux, Fedora, Qemu, Linux_enterprise_desktop, Linux_enterprise_server 7.5
2020-01-23 CVE-2015-5278 The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets. Eos, Ubuntu_linux, Fedora, Qemu 6.5
2020-04-16 CVE-2019-18948 An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Arista’s EOS VxLAN code, which can allow attackers to crash the VxlanSwFwd agent. This affects EOS 4.21.8M and below releases in the 4.21.x train, 4.22.3M and below releases in the 4.22.x train, 4.23.1F and below releases in the 4.23.x train, and all releases in 4.15, 4.16, 4.17, 4.18, 4.19, 4.20 code train. Eos 7.5
2019-08-15 CVE-2018-14008 Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled. Eos 6.5
2018-03-05 CVE-2018-5255 The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before 4.20.2F allows remote attackers to cause a denial of service (agent restart) via crafted UDP packets. Eos 6.5
2018-04-12 CVE-2018-5254 Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message. Eos 7.5
2015-11-19 CVE-2015-8236 Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716. Eos N/A