CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-1000411
https://notcve.org/view.php?id=CVE-2017-1000411
31 Jan 2018 — OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with 'idle-timeout' and 'hard-timeout' are sent to the Openflow Plugin REST API, the expired flows will eventually crash the controller once its resource allocations set with the JVM size are exceeded. Although the installed flows (with timeout set) ... • http://seclists.org/oss-sec/2018/q1/52 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2015-1778
https://notcve.org/view.php?id=CVE-2015-1778
27 Jun 2017 — The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination. La autenticación personalizada realm utilizada por karaf-tomcat "opendaylight" en Opendaylight antes Helium SR3 autenticará cualquier nombre de usuario y combinación de contraseña. • http://www.openwall.com/lists/oss-security/2015/03/20/3 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-1000358
https://notcve.org/view.php?id=CVE-2017-1000358
24 Apr 2017 — Controller throws an exception and does not allow user to add subsequent flow for a particular switch. Component: OpenDaylight odl-restconf feature contains this flaw. Version: OpenDaylight 4.0 is affected by this flaw. El controlador lanza una excepción y no permite al usuario agregar flujo posterior para un switch en particular. Componente: La característica OpenDaylight odl-restconf contiene este fallo. • https://aaltodoc.aalto.fi/bitstream/handle/123456789/21584/master_Bidaj_Andi_2016.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2017-1000357
https://notcve.org/view.php?id=CVE-2017-1000357
24 Apr 2017 — Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for the OpenFlow communication. Version: OpenDaylight versions 3.3 (Lithium-SR3), 3.4 (Lithium-SR4), 4.0 (Beryllium), 4.1 (Beryllium-SR1), 4.2 (Beryllium-SR2), and 4.4 (Beryllium-SR4) are affected by this flaw. Java version is openjdk version 1.8.0_91. Un ataque de Denegación de Servicio cuando el switch rechaza reci... • https://aaltodoc.aalto.fi/bitstream/handle/123456789/21584/master_Bidaj_Andi_2016.pdf • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2017-1000360
https://notcve.org/view.php?id=CVE-2017-1000360
24 Apr 2017 — StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0. StreamCorruptedException y NullPointerException en OpenDaylight odl-mdsal-xsql. • https://aaltodoc.aalto.fi/bitstream/handle/123456789/21584/master_Bidaj_Andi_2016.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2017-1000361
https://notcve.org/view.php?id=CVE-2017-1000361
24 Apr 2017 — DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. Controller launches exceptions and consumes more CPU resources. Component: OpenDaylight is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0. DOMRpcImplementationNotAvailableException al enviar paquetes Port-Status a OpenDaylight. • https://aaltodoc.aalto.fi/bitstream/handle/123456789/21584/master_Bidaj_Andi_2016.pdf •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2017-1000359
https://notcve.org/view.php?id=CVE-2017-1000359
24 Apr 2017 — Java out of memory error and significant increase in resource consumption. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0. Error de falta de memoria en Java y aumento significativo en el consumo de recursos. Componente: OpenDaylight odl-mdsal-xsql es vulnerable a este fallo. • https://aaltodoc.aalto.fi/bitstream/handle/123456789/21584/master_Bidaj_Andi_2016.pdf • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-5035 – Opendaylight 1.0 Local File Inclusion / Remote File Inclusion
https://notcve.org/view.php?id=CVE-2014-5035
12 Aug 2014 — The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue. El servicio Netconf (TCP) en OpenDaylight 1.0 permite a atacantes remotos leer ficheros arbitrarios a través de una declaración de entidad externa XML en conjunto con una referencia de entidad en un mensaje XML-RPC, relacionado con un problema de entidad externa XML (X... • http://packetstormsecurity.com/files/127843/Opendaylight-1.0-Local-File-Inclusion-Remote-File-Inclusion.html •