Vulnerabilities > Opendaylight

DATE CVE VULNERABILITY TITLE RISK
2024-09-15 CVE-2024-46942 Unspecified vulnerability in Opendaylight Model-Driven Service Abstraction Layer
In OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment.
network
low complexity
opendaylight
6.5
2024-09-15 CVE-2024-46943 Unspecified vulnerability in Opendaylight Authentication, Authorization and Accounting
An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3.
network
low complexity
opendaylight
7.5
2018-06-20 CVE-2018-1132 SQL Injection vulnerability in Opendaylight Sdninterfaceapp
A flaw was found in Opendaylight's SDNInterfaceapp (SDNI).
network
low complexity
opendaylight CWE-89
7.5
2018-03-16 CVE-2018-1078 Unspecified vulnerability in Opendaylight Openflow Sp1/Sp2/Sp3
OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be expired.
network
low complexity
opendaylight
7.5
2018-01-31 CVE-2017-1000411 Improper Resource Shutdown or Release vulnerability in Opendaylight and Openflow
OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown.
network
low complexity
opendaylight CWE-404
5.0
2017-11-30 CVE-2017-1000406 7PK - Security Features vulnerability in Opendaylight Karaf 0.6.1Carbon
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g.
network
low complexity
opendaylight CWE-254
5.0
2017-06-27 CVE-2015-1778 Improper Authentication vulnerability in Opendaylight
The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.
network
low complexity
opendaylight CWE-287
7.5
2017-06-27 CVE-2014-8149 Improper Input Validation vulnerability in Opendaylight Defense4All
OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files.
network
low complexity
opendaylight CWE-20
6.5
2017-04-24 CVE-2017-1000361 Unspecified vulnerability in Opendaylight 3.3/4.0
DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight.
network
low complexity
opendaylight
5.0
2017-04-24 CVE-2017-1000360 NULL Pointer Dereference vulnerability in Opendaylight 3.3/4.0
StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql.
network
low complexity
opendaylight CWE-476
5.0