CVE-2018-5254
Published 2018-04-12
CVE-2018-5254: Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message.
Priority P430 · high · 7.5 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.26% (65.8th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | nifi | — | — |
| arista | eos | < 4.20.2f | 4.20.2f |
CVSS provenance
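| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| ghsa | — | 9.8 | CRITICAL | — |
| vendor_apache | — | 9.8 | — | — |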
GHSA
GHSA-fwcg-fqr6-423c: Arista EOS before 4
ghsa_unreviewed·2022-05-14
CVE-2018-5254 [HIGH] GHSA-fwcg-fqr6-423c: Arista EOS before 4
Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message.
GHSA
Apache NiFi JMS Deserialization issue
ghsa·2022-05-14·CVSS 9.8
CVE-2018-1310 [CRITICAL] CWE-502 Apache NiFi JMS Deserialization issue
Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
Apache
Apache nifi: CVE-2018-1310
vendor_apache·CVSS 9.8
CVE-2018-1310 Apache nifi: CVE-2018-1310
Title: Potential Denial of Service in JMS Processors
Published: 2018-04-08
Severity: Medium
Products: Apache NiFi
Affected Versions: 0.1.0 to 1.5.0
Fixed Versions: 1.6.0
Reporter: 圆珠笔
References
CVE Record: CVE-2018-1310
NVD Record: CVE-2018-1310
Apache Jira Issue: NIFI-4870
GitHub Pull Request: 2469

Malicious JMS content could cause denial of service in impacted Processors. See ActiveMQ CVE-2015-5254 announcement for more information. NiFi 1.6.0 upgrades the activemq-client library to 5.15.3. Users running a prior release should upgrade to 1.6.0.
Severity: moderate
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-04-12
Published