Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opendaylight opendaylight - vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-1000411
OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with ...
Opendaylight Opendaylight Boron
Opendaylight Opendaylight Carbon
Opendaylight Opendaylight Nitrogen
Opendaylight Openflow Nitrogen
Opendaylight Openflow Carbon
Opendaylight Openflow Boron
5.3
CVSSv3
CVE-2017-1000359
Java out of memory error and significant increase in resource consumption. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.
Opendaylight Opendaylight 3.3
Opendaylight Opendaylight 4.0
7.5
CVSSv3
CVE-2017-1000361
DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. Controller launches exceptions and consumes more CPU resources. Component: OpenDaylight is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.
Opendaylight Opendaylight 4.0
Opendaylight Opendaylight 3.3
5.3
CVSSv3
CVE-2017-1000360
StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.
Opendaylight Opendaylight 3.3
Opendaylight Opendaylight 4.0
7.5
CVSSv3
CVE-2017-1000357
Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for the OpenFlow communication. Version: OpenDaylight versions 3.3 (Lithium-SR3), 3.4 ...
Opendaylight Opendaylight 3.3
Opendaylight Opendaylight 4.0
9.8
CVSSv3
CVE-2018-1078
OpenDayLight version Carbon SR3 and previous versions contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be ex...
Opendaylight Openflow Sp3
Opendaylight Openflow Sp1
Opendaylight Openflow
Opendaylight Openflow Sp2
7.5
CVSSv3
CVE-2022-45931
A SQL injection issue exists in AAA in OpenDaylight (ODL) prior to 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used.
Linuxfoundation Opendaylight 0.16.0
Linuxfoundation Opendaylight 0.16.4
Linuxfoundation Opendaylight 0.15.6
Linuxfoundation Opendaylight 0.15.0
7.5
CVSSv3
CVE-2022-45932
A SQL injection issue exists in AAA in OpenDaylight (ODL) prior to 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used.
Linuxfoundation Opendaylight 0.16.0
Linuxfoundation Opendaylight 0.16.4
Linuxfoundation Opendaylight 0.15.6
Linuxfoundation Opendaylight 0.15.0
7.5
CVSSv3
CVE-2022-45930
A SQL injection issue exists in AAA in OpenDaylight (ODL) prior to 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface.
Linuxfoundation Opendaylight 0.16.0
Linuxfoundation Opendaylight 0.16.4
Linuxfoundation Opendaylight 0.15.6
Linuxfoundation Opendaylight 0.15.0
9.8
CVSSv3
CVE-2015-1778
The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.
Opendaylight Opendaylight -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »