Known Vulnerabilities for products from Opendaylight
Listed below are 16 of the newest known vulnerabilities associated with the vendor "Opendaylight".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2018-1132 json | A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without... | 9.8 - CRITICAL | 2018-06-20 | 2019-10-09 |
| CVE-2018-1078 json | OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flo... | 9.8 - CRITICAL | 2018-03-16 | 2019-10-09 |
| CVE-2017-1000411 json | OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when ... | 7.5 - HIGH | 2018-01-31 | 2019-10-03 |
| CVE-2017-1000406 json | OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until ... | 7.5 - HIGH | 2017-11-30 | 2017-12-20 |
| CVE-2017-1000361 json | DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. Controller launches exceptions an... | 7.5 - HIGH | 2017-04-24 | 2019-10-03 |
| CVE-2017-1000360 json | StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the conso... | 5.3 - MEDIUM | 2017-04-24 | 2019-10-03 |
| CVE-2017-1000359 json | Java out of memory error and significant increase in resource consumption. Component: OpenDaylight odl-mdsal-xsql is vulnerab... | 5.3 - MEDIUM | 2017-04-24 | 2019-10-03 |
| CVE-2017-1000358 json | Controller throws an exception and does not allow user to add subsequent flow for a particular switch. Component: OpenDayligh... | 6.5 - MEDIUM | 2017-04-24 | 2019-10-03 |
| CVE-2017-1000357 json | Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affect... | 7.5 - HIGH | 2017-04-24 | 2019-10-03 |
| CVE-2015-1857 json | The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote attackers to obtain sensitive information by leveraging mis... | 5.3 - MEDIUM | 2018-04-27 | 2021-06-16 |
| CVE-2015-1778 json | The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authentica... | 9.8 - CRITICAL | 2017-06-27 | 2017-07-05 |
| CVE-2015-1612 json | OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of d... | 7.5 - HIGH | 2017-04-04 | 2017-04-11 |
| CVE-2015-1611 json | OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of d... | 7.5 - HIGH | 2017-04-04 | 2017-04-11 |
| CVE-2015-1610 json | hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC addr... | 5.3 - MEDIUM | 2017-03-20 | 2017-03-23 |
| CVE-2014-8149 json | OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files. | 8.8 - HIGH | 2017-06-27 | 2017-07-03 |
| CVE-2014-5035 json | The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity decl... | 6.8 - MEDIUM | 2014-08-26 | 2018-10-09 |
Known software with vulnerabilities from Opendaylight
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Opendaylight | Defense4all | 1.1.0 |
| Application | Opendaylight | Opendaylight | - |