Filtered by vendor Opendaylight
Subscribe
Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1078 | 1 Opendaylight | 1 Openflow | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be expired. | |||||
| CVE-2018-1132 | 1 Opendaylight | 1 Sdninterfaceapp | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used in the final Carbon series release. In addition to the component not being included in OpenDayLight in newer releases, the SDNInterface component is not packaged in the opendaylight package included in RHEL. | |||||
| CVE-2015-1778 | 1 Opendaylight | 1 Opendaylight | 2017-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination. | |||||