Vulnerabilities > Openvswitch > Openvswitch > 1.4.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-06 | CVE-2023-5366 | Insufficient Verification of Data Authenticity vulnerability in multiple products A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. | 5.5 |
| 2023-01-10 | CVE-2022-4337 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. | 9.8 |
| 2023-01-10 | CVE-2022-4338 | Out-of-bounds Read vulnerability in multiple products An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. | 9.8 |
| 2022-08-23 | CVE-2021-3905 | Memory Leak vulnerability in multiple products A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. | 7.5 |
| 2017-10-02 | CVE-2017-14970 | Missing Release of Resource after Effective Lifetime vulnerability in Openvswitch In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. | 4.3 |
| 2012-08-07 | CVE-2012-3449 | Permissions, Privileges, and Access Controls vulnerability in Openvswitch 1.4.2 Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files. | 3.6 |