Vulnerabilities > Openvswitch > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-06 | CVE-2023-5366 | Insufficient Verification of Data Authenticity vulnerability in multiple products A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. | 5.5 |
| 2022-09-08 | CVE-2019-25076 | Unspecified vulnerability in Openvswitch The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack. | 5.8 |
| 2022-08-29 | CVE-2022-0669 | A flaw was found in dpdk. | 6.5 |
| 2021-07-20 | CVE-2021-36980 | Use After Free vulnerability in Openvswitch Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. | 5.5 |
| 2018-09-19 | CVE-2018-17206 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. | 4.9 |
| 2018-09-19 | CVE-2018-17204 | Reachable Assertion vulnerability in multiple products An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. | 4.3 |
| 2017-10-02 | CVE-2017-14970 | Missing Release of Resource after Effective Lifetime vulnerability in Openvswitch In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. | 5.9 |
| 2017-05-29 | CVE-2017-9263 | Improper Input Validation vulnerability in Openvswitch 2.7.0 In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch. | 6.5 |