Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
No results found.
Remaining NVD entries (unprocessed / no code available): ~285528 :
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2025-05-08 | CVE-2024-8100 | On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision. | N/A | N/A | |
| 2025-05-08 | CVE-2025-0505 | On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected. | N/A | N/A | |
| 2025-05-08 | CVE-2025-27695 | Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure. | N/A | N/A | |
| 2025-05-08 | CVE-2024-12378 | On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear. | N/A | N/A | |
| 2025-05-08 | CVE-2024-11186 | On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-premise. It does not impact CloudVision as-a-Service. | N/A | N/A | |
| 2025-05-08 | CVE-2024-13009 | In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests. | N/A | N/A | |
| 2025-05-08 | CVE-2025-1948 | In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to encode HTTP responses, likely resulting in OutOfMemoryError being thrown, or even the JVM process exiting. | N/A | N/A |