Known Vulnerabilities for products from Opendaylight

Listed below are 16 of the newest known vulnerabilities associated with the vendor "Opendaylight".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2018-1132 json A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without... 9.8 - CRITICAL 2018-06-20 2019-10-09
CVE-2018-1078 json OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flo... 9.8 - CRITICAL 2018-03-16 2019-10-09
CVE-2017-1000411 json OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when ... 7.5 - HIGH 2018-01-31 2019-10-03
CVE-2017-1000406 json OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until ... Not Provided 2017-11-30 2025-04-20
CVE-2017-1000361 json DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. Controller launches exceptions an... Not Provided 2017-04-24 2025-04-20
CVE-2017-1000360 json StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the conso... Not Provided 2017-04-24 2025-04-20
CVE-2017-1000359 json Java out of memory error and significant increase in resource consumption. Component: OpenDaylight odl-mdsal-xsql is vulnerab... Not Provided 2017-04-24 2025-04-20
CVE-2017-1000358 json Controller throws an exception and does not allow user to add subsequent flow for a particular switch. Component: OpenDayligh... Not Provided 2017-04-24 2025-04-20
CVE-2017-1000357 json Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affect... Not Provided 2017-04-24 2025-04-20
CVE-2015-1857 json The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote attackers to obtain sensitive information by leveraging mis... 5.3 - MEDIUM 2018-04-27 2021-06-16
CVE-2015-1778 json The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authentica... Not Provided 2017-06-27 2025-04-20
CVE-2015-1612 json OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of d... Not Provided 2017-04-04 2025-04-20
CVE-2015-1611 json OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of d... Not Provided 2017-04-04 2025-04-20
CVE-2015-1610 json hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC addr... Not Provided 2017-03-20 2025-04-20
CVE-2014-8149 json OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files. Not Provided 2017-06-27 2025-04-20
CVE-2014-5035 json The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity decl... Not Provided 2014-08-26 2026-05-06

Known software with vulnerabilities from Opendaylight

Type Vendor Product Version
ApplicationOpendaylightDefense4all1.1.0
ApplicationOpendaylightOpendaylight-
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report