cbcvebase.

Arista Eos vulnerabilities

44 known vulnerabilities affecting arista/eos.

Total CVEs
44
CISA KEV
2
actively exploited
Public exploits
5
Exploited in wild
3
Severity breakdown
CRITICAL9HIGH17MEDIUM14LOW4

Vulnerabilities

Page 3 of 3
CVE-2020-25686P4LOWCVSS 3.7≥ 4.21, < 4.21.14m≥ 4.22, < 4.22.9m+3 more2021-01-20
CVE-2020-25686 [LOW] CVE-2020-25686: A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to
nvd
CVE-2020-25684P4LOWCVSS 3.7≥ 4.21, < 4.21.14m≥ 4.22, < 4.22.9m+3 more2021-01-20
CVE-2020-25684 [LOW] CWE-358 CVE-2020-25684: A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmas A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an atta
nvd
CVE-2020-25685P4LOWCVSS 3.7≥ 4.21, < 4.21.14m≥ 4.22, < 4.22.9m+3 more2021-01-20
CVE-2020-25685 [LOW] CVE-2020-25685: A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmas A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to
nvd
CVE-2015-6815P4LOWCVSS 3.5v4.12v4.13+2 more2020-01-31
CVE-2015-6815 [LOW] CWE-835 CVE-2015-6815: The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process tran The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
nvd
Arista Eos vulnerabilities | cvebase