Vulnerabilities > Opendaylight

DATE CVE VULNERABILITY TITLE RISK
2017-04-24 CVE-2017-1000359 Resource Exhaustion vulnerability in Opendaylight 3.3/4.0
Java out of memory error and significant increase in resource consumption.
network
low complexity
opendaylight CWE-400
5.3
2017-04-24 CVE-2017-1000358 NULL Pointer Dereference vulnerability in Opendaylight 4.0
Controller throws an exception and does not allow user to add subsequent flow for a particular switch.
network
low complexity
opendaylight CWE-476
6.5
2017-04-24 CVE-2017-1000357 Resource Exhaustion vulnerability in Opendaylight 3.3/4.0
Denial of Service attack when the switch rejects to receive packets from the controller.
network
low complexity
opendaylight CWE-400
7.5
2017-04-04 CVE-2015-1612 Improper Input Validation vulnerability in Opendaylight Openflow
OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay."
network
low complexity
opendaylight CWE-20
7.5
2017-04-04 CVE-2015-1611 Improper Input Validation vulnerability in Opendaylight Openflow
OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to "fake LLDP injection."
network
low complexity
opendaylight CWE-20
7.5
2017-03-20 CVE-2015-1610 Permissions, Privileges, and Access Controls vulnerability in Opendaylight L2Switch
hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC address, aka "topology spoofing."
network
low complexity
opendaylight CWE-264
5.3