Vulnerabilities > Opendaylight
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-15 | CVE-2024-46942 | Unspecified vulnerability in Opendaylight Model-Driven Service Abstraction Layer In OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment. | 6.5 |
| 2024-09-15 | CVE-2024-46943 | Unspecified vulnerability in Opendaylight Authentication, Authorization and Accounting An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. | 7.5 |
| 2018-06-20 | CVE-2018-1132 | SQL Injection vulnerability in Opendaylight Sdninterfaceapp A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). | 9.8 |
| 2018-03-16 | CVE-2018-1078 | Unspecified vulnerability in Opendaylight Openflow Sp1/Sp2/Sp3 OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be expired. | 9.8 |
| 2018-01-31 | CVE-2017-1000411 | Improper Resource Shutdown or Release vulnerability in Opendaylight and Openflow OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. | 7.5 |
| 2017-11-30 | CVE-2017-1000406 | 7PK - Security Features vulnerability in Opendaylight Karaf 0.6.1Carbon OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. | 7.5 |
| 2017-06-27 | CVE-2015-1778 | Improper Authentication vulnerability in Opendaylight The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination. | 9.8 |
| 2017-06-27 | CVE-2014-8149 | Improper Input Validation vulnerability in Opendaylight Defense4All 1.1.0 OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files. | 8.8 |
| 2017-04-24 | CVE-2017-1000361 | Unspecified vulnerability in Opendaylight 3.3/4.0 DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. | 7.5 |
| 2017-04-24 | CVE-2017-1000360 | NULL Pointer Dereference vulnerability in Opendaylight 3.3/4.0 StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. | 5.3 |