CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1078
https://notcve.org/view.php?id=CVE-2018-1078
16 Mar 2018 — OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be expired. OpenDayLight, en versiones Carbon SR3 y anteriores, contiene una vulnerabilidad durante la reconciliación de nodos que puede resultar en flujos de tráfico que deberían estar caducados o deberían hacerlo en breves se reinstalen y result... • https://bugzilla.redhat.com/show_bug.cgi?id=1533501 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-1000411
https://notcve.org/view.php?id=CVE-2017-1000411
31 Jan 2018 — OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with 'idle-timeout' and 'hard-timeout' are sent to the Openflow Plugin REST API, the expired flows will eventually crash the controller once its resource allocations set with the JVM size are exceeded. Although the installed flows (with timeout set) ... • http://seclists.org/oss-sec/2018/q1/52 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1611
https://notcve.org/view.php?id=CVE-2015-1611
04 Apr 2017 — OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to "fake LLDP injection." Plugin OpenFlow para OpenDaylight en versiones anteriores a Helium SR3 permite a atacantes remotos falsificar la topología SDN y afectar al flujo de datos, relacionados con "falsa inyección LLDP". • http://www.internetsociety.org/sites/default/files/10_4_2.pdf • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1612
https://notcve.org/view.php?id=CVE-2015-1612
04 Apr 2017 — OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay." Plugin OpenFlow para OpenDaylight en versiones anteriores a Helium SR3 permite a atacantes remotos falsificar la topología SDN y afectar al flujo de datos, relacionados con la reutilización de los paquetes LLDP, también conocido como "LLDP Relay". • http://www.internetsociety.org/sites/default/files/10_4_2.pdf • CWE-20: Improper Input Validation •