Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opendaylight opendaylight - vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2018-1132
A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used in the final Carbon...
Opendaylight Sdninterfaceapp
7.5
CVSSv2
CVE-2018-1078
OpenDayLight version Carbon SR3 and previous versions contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be ex...
Opendaylight Openflow Sp3
Opendaylight Openflow Sp1
Opendaylight Openflow
Opendaylight Openflow Sp2
7.5
CVSSv2
CVE-2015-1778
The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.
Opendaylight Opendaylight -
6.8
CVSSv2
CVE-2014-5035
The Netconf (TCP) service in OpenDaylight 1.0 allows remote malicious users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue.
Opendaylight Opendaylight 1.0
6.5
CVSSv2
CVE-2014-8149
OpenDaylight defense4all 1.1.0 and previous versions allows remote authenticated users to write report data to arbitrary files.
Opendaylight Defense4all
5
CVSSv2
CVE-2015-1857
The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote malicious users to obtain sensitive information by leveraging missing AAA restrictions.
Linuxfoundation Opendaylight
5
CVSSv2
CVE-2017-1000411
OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with ...
Opendaylight Opendaylight Boron
Opendaylight Opendaylight Carbon
Opendaylight Opendaylight Nitrogen
Opendaylight Openflow Nitrogen
Opendaylight Openflow Carbon
Opendaylight Openflow Boron
5
CVSSv2
CVE-2017-1000406
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart).
Opendaylight Karaf 0.6.1-carbon
5
CVSSv2
CVE-2017-1000357
Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for the OpenFlow communication. Version: OpenDaylight versions 3.3 (Lithium-SR3), 3.4 ...
Opendaylight Opendaylight 3.3
Opendaylight Opendaylight 4.0
5
CVSSv2
CVE-2017-1000359
Java out of memory error and significant increase in resource consumption. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.
Opendaylight Opendaylight 3.3
Opendaylight Opendaylight 4.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »