Vulnerabilities > Opendaylight

DATE CVE VULNERABILITY TITLE RISK
2017-04-24 CVE-2017-1000359 Resource Exhaustion vulnerability in Opendaylight 3.3/4.0
Java out of memory error and significant increase in resource consumption.
network
low complexity
opendaylight CWE-400
5.0
2017-04-24 CVE-2017-1000358 NULL Pointer Dereference vulnerability in Opendaylight 4.0
Controller throws an exception and does not allow user to add subsequent flow for a particular switch.
network
low complexity
opendaylight CWE-476
4.0
2017-04-24 CVE-2017-1000357 Resource Exhaustion vulnerability in Opendaylight 3.3/4.0
Denial of Service attack when the switch rejects to receive packets from the controller.
network
low complexity
opendaylight CWE-400
5.0
2017-04-04 CVE-2015-1612 Improper Input Validation vulnerability in Opendaylight Openflow
OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay."
network
low complexity
opendaylight CWE-20
5.0
2017-04-04 CVE-2015-1611 Improper Input Validation vulnerability in Opendaylight Openflow
OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to "fake LLDP injection."
network
low complexity
opendaylight CWE-20
5.0
2017-03-20 CVE-2015-1610 Permissions, Privileges, and Access Controls vulnerability in Opendaylight L2Switch
hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC address, aka "topology spoofing."
network
low complexity
opendaylight CWE-264
5.0
2014-08-26 CVE-2014-5035 XML External Entity Injection vulnerability in Opendaylight 1.0
The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue.
network
opendaylight
6.8