Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

opendaylight opendaylight - vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv3
CVE-2022-45930
A SQL injection issue exists in AAA in OpenDaylight (ODL) prior to 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface.
Linuxfoundation Opendaylight 0.16.0Linuxfoundation Opendaylight 0.16.4Linuxfoundation Opendaylight 0.15.6Linuxfoundation Opendaylight 0.15.0
7.5
CVSSv3
CVE-2022-45931
A SQL injection issue exists in AAA in OpenDaylight (ODL) prior to 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used.
Linuxfoundation Opendaylight 0.16.0Linuxfoundation Opendaylight 0.16.4Linuxfoundation Opendaylight 0.15.6Linuxfoundation Opendaylight 0.15.0
7.5
CVSSv3
CVE-2022-45932
A SQL injection issue exists in AAA in OpenDaylight (ODL) prior to 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used.
Linuxfoundation Opendaylight 0.16.0Linuxfoundation Opendaylight 0.16.4Linuxfoundation Opendaylight 0.15.6Linuxfoundation Opendaylight 0.15.0
9.8
CVSSv3
CVE-2018-1132
A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used in the final Carbon...
Opendaylight Sdninterfaceapp
5.3
CVSSv3
CVE-2015-1857
The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote malicious users to obtain sensitive information by leveraging missing AAA restrictions.
Linuxfoundation Opendaylight
9.8
CVSSv3
CVE-2018-1078
OpenDayLight version Carbon SR3 and previous versions contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be ex...
Opendaylight Openflow Sp3Opendaylight Openflow Sp1Opendaylight OpenflowOpendaylight Openflow Sp2
7.5
CVSSv3
CVE-2017-1000411
OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with �...
Opendaylight Opendaylight BoronOpendaylight Opendaylight CarbonOpendaylight Opendaylight NitrogenOpendaylight Openflow NitrogenOpendaylight Openflow CarbonOpendaylight Openflow Boron
7.5
CVSSv3
CVE-2017-1000406
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart).
Opendaylight Karaf 0.6.1-carbon
9.8
CVSSv3
CVE-2015-1778
The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.
Opendaylight Opendaylight -
8.8
CVSSv3
CVE-2014-8149
OpenDaylight defense4all 1.1.0 and previous versions allows remote authenticated users to write report data to arbitrary files.
Opendaylight Defense4all
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook