Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opendaylight opendaylight - vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2015-1778
The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.
Opendaylight Opendaylight -
5
CVSSv2
CVE-2017-1000359
Java out of memory error and significant increase in resource consumption. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.
Opendaylight Opendaylight 3.3
Opendaylight Opendaylight 4.0
5
CVSSv2
CVE-2017-1000360
StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.
Opendaylight Opendaylight 3.3
Opendaylight Opendaylight 4.0
5
CVSSv2
CVE-2017-1000361
DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. Controller launches exceptions and consumes more CPU resources. Component: OpenDaylight is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.
Opendaylight Opendaylight 4.0
Opendaylight Opendaylight 3.3
5
CVSSv2
CVE-2017-1000357
Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for the OpenFlow communication. Version: OpenDaylight versions 3.3 (Lithium-SR3), 3.4 ...
Opendaylight Opendaylight 3.3
Opendaylight Opendaylight 4.0
4
CVSSv2
CVE-2017-1000358
Controller throws an exception and does not allow user to add subsequent flow for a particular switch. Component: OpenDaylight odl-restconf feature contains this flaw. Version: OpenDaylight 4.0 is affected by this flaw.
Opendaylight Opendaylight 4.0
5
CVSSv2
CVE-2015-1611
OpenFlow plugin for OpenDaylight before Helium SR3 allows remote malicious users to spoof the SDN topology and affect the flow of data, related to "fake LLDP injection."
Opendaylight Openflow -
5
CVSSv2
CVE-2015-1612
OpenFlow plugin for OpenDaylight before Helium SR3 allows remote malicious users to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay."
Opendaylight Openflow -
5
CVSSv2
CVE-2015-1610
hosttracker in OpenDaylight l2switch allows remote malicious users to change the host location information by spoofing the MAC address, aka "topology spoofing."
Opendaylight L2switch -
6.8
CVSSv2
CVE-2014-5035
The Netconf (TCP) service in OpenDaylight 1.0 allows remote malicious users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue.
Opendaylight Opendaylight 1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2