opendaylight opendaylight - vulnerabilities and exploits
6.5
CVSSv3
CVE-2017-1000358
Controller throws an exception and does not allow the user to add a subsequent flow for a particular switch. Component: OpenDaylight odl-restconf feature contains this flaw. Version: OpenDaylight 4.0 is affected by this flaw.
Opendaylight Opendaylight 4.0
NA
CVE-2014-5035
The Netconf (TCP) service in OpenDaylight 1.0 allows remote malicious users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue.
Opendaylight Opendaylight 1.0
9.8
CVSSv3
CVE-2018-1132
A flaw was found in OpenDaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDaylight since it was last used in the final Carbon...
Opendaylight Sdninterfaceapp
8.8
CVSSv3
CVE-2014-8149
OpenDaylight defense4all 1.1.0 and previous versions allows remote authenticated users to write report data to arbitrary files.
Opendaylight Defense4all
5.3
CVSSv3
CVE-2015-1610
hosttracker in OpenDaylight l2switch allows remote malicious users to change the host location information by spoofing the MAC address, aka "topology spoofing."
Opendaylight L2switch -
7.5
CVSSv3
CVE-2015-1611
OpenFlow plugin for OpenDaylight before Helium SR3 allows remote malicious users to spoof the SDN topology and affect the flow of data, related to "fake LLDP injection."
Opendaylight Openflow -
7.5
CVSSv3
CVE-2015-1612
OpenFlow plugin for OpenDaylight before Helium SR3 allows remote malicious users to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay."
Opendaylight Openflow -
5.3
CVSSv3
CVE-2015-1857
The odl-mdsal-apidocs feature in OpenDaylight Helium allows remote malicious users to obtain sensitive information by leveraging missing AAA restrictions.
Linuxfoundation Opendaylight
7.5
CVSSv3
CVE-2017-1000406
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart).
Opendaylight Karaf 0.6.1-carbon
NA
CVE-2024-37018
The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets.