CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE Linux•added 2026/05/15 3:22 p.m.•5 views

Security update for openvswitch

This update for openvswitch fixes the following issue: CVE-2026-34956: Invalid memory access in conntrack FTP alg bsc1261273. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comma...

8.2CVSS5.8AI score0.0014EPSS

Microsoft CVE•added 2026/05/15 8:2 a.m.•8 views

Openvswitch: open vswitch: denial of service via malformed ftp epasv command

...

Tenable Nessus•added 2026/05/11 12:0 a.m.•5 views

Exploits0

Unity Linux 20.1060e / 20.1070e Security Update: openvswitch (UTSA-2026-017645)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017645 advisory. A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLV...

7.5CVSS7AI score0.00504EPSS

Tenable Nessus•added 2026/05/11 12:0 a.m.•4 views

Unity Linux 20.1060e / 20.1070e Security Update: openvswitch (UTSA-2026-017640)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017640 advisory. A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packe...

7.8CVSS7AI score0.05687EPSS

AlpineLinux•added 2026/05/05 8:45 p.m.•9 views

CVE-2026-39402

lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the findline function that allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. When lxc-user-nic delete scans its NIC database to authorize a...

6.5CVSS5.8AI score0.00015EPSS

Exploits1References1

ATTACKERKB•added 2026/05/05 8:45 p.m.•2 views

CVE-2026-39402

4.3CVSS5.8AI score0.00015EPSS

Exploits1References2Affected Software1

CVE•added 2026/05/05 8:45 p.m.•7 views

CVE-2026-39402

Summary: CVE-2026-39402 affects the LXC user network helper (lxc-user-nic) in multi-tenant setups using Open vSwitch bridges. The delete path in the setuid helper contains a logic flaw in find_line() that can authorize deletion based on a name match even when ownership/type/link fields belong to ...

6.5CVSS5.8AI score0.00015EPSS

Exploits1References1Affected Software1

EUVD•added 2026/05/05 6:33 p.m.•2 views

EUVD-2026-27345

A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in...

NVD•added 2026/05/05 4:16 p.m.•3 views

CVE-2026-34956

5.9CVSS0.0014EPSS

Exploits0References3

ATTACKERKB•added 2026/05/05 3:45 p.m.•2 views

CVE-2026-34956

Vulnrichment•added 2026/05/05 3:45 p.m.•5 views

Exploits0References3

CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command

CVE•added 2026/05/05 3:45 p.m.•10 views

CVE-2026-34956

CVE-2026-34956 affects Open vSwitch: the vulnerability is in the userspace conntrack FTP ALG handler where a crafted FTP payload (EPASV/FTP substrings) can trigger an invalid memory access due to type narrowing when copying FTP substrings. This memory access can crash the process, causing Denial ...

Cvelist•added 2026/05/05 3:45 p.m.•37 views

Exploits0References3

CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command

5.9CVSS0.0014EPSS

Debian CVE•added 2026/05/05 3:45 p.m.•2 views

CVE-2026-34956

CNNVD•added 2026/05/05 12:0 a.m.•4 views

Exploits0

Open vSwitch 安全漏洞

Open vSwitch is a virtual switch developed as part of the Collaborative Project. There is a security vulnerability in Open vSwitch. This vulnerability arises when configuring conntrack streams that use FTP auxiliary programs. A remote attacker can send a specially crafted FTP stream, resulting in...

Tenable Nessus•added 2026/05/04 12:0 a.m.•4 views

RHCOS 3 : openvswitch (RHSA-2016:0615)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:0615 advisory. - openvswitch: MPLS buffer overflow vulnerability CVE-2016-2074 Note that Nessus has not tested for this issue but has instead relied only on...

9.8CVSS7.5AI score0.09337EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux - уязвимость в openvswitch

A flaw was discovered in Open vSwitch, where multiple versions are vulnerable to crafted Geneve packets, which may lead to a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled...

7.5CVSS6.8AI score0.00045EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux - уязвимость в openvswitch

An out-of-bounds read in the Organization-Specific TLV was found in various versions of OpenvSwitch...

9.8CVSS7.2AI score0.00473EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в openvswitch

A flaw was discovered in Open vSwitch, allowing ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may enable a local attacker to create specially crafted packets with a modified or spoofed target IP address field, which can redirect ICMPv6 traffic...

7.1CVSS6.7AI score0.0002EPSS