Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openvswitch openvswitch vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2019-25076
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x up to and including 2.17.2 and 3.0.0 allows remote malicious users to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classificati...
Openvswitch Openvswitch 3.0.0
Openvswitch Openvswitch
4.3
CVSSv2
CVE-2021-36980
Open vSwitch (aka openvswitch) 2.11.0 up to and including 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.
Openvswitch Openvswitch
4.3
CVSSv2
CVE-2017-14970
In lib/ofp-util.c in Open vSwitch (OvS) prior to 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow cont...
Openvswitch Openvswitch
3.3
CVSSv2
CVE-2017-9263
In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicio...
Openvswitch Openvswitch 2.7.0
7.5
CVSSv2
CVE-2017-9265
In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.
Openvswitch Openvswitch 2.7.0
NA
CVE-2024-22563
openvswitch 2.17.8 exists to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.
Openvswitch Openvswitch 2.17.8
5.8
CVSSv2
CVE-2016-10377
In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch.
Openvswitch Openvswitch 2.5.0
3.6
CVSSv2
CVE-2012-3449
Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files.
Openvswitch Openvswitch 1.4.2
NA
CVE-2022-4337
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
Openvswitch Openvswitch
Debian Debian Linux 11.0
NA
CVE-2022-4338
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
Openvswitch Openvswitch
Debian Debian Linux 11.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »