232 matches found
OpenDaylight SQL注入漏洞
OpenDaylight ODL is an open source SDN controller from OpenDaylight Open Source. A security vulnerability exists in versions of OpenDaylight ODL prior to 0.16.5, which originates in its aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java component in the /auth/ v1/user...
OpenDaylight SQL注入漏洞
OpenDaylight ODL is an open source SDN controller from OpenDaylight Open Source. A security vulnerability exists in versions of OpenDaylight ODL prior to 0.16.5, which stems from its aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java component in the /auth...
CVE-2022-45930
A SQL injection issue was discovered in AAA in OpenDaylight ODL before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface...
CVE-2022-45931
A SQL injection issue was discovered in AAA in OpenDaylight ODL before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used...
CVE-2022-45932
A SQL injection issue was discovered in AAA in OpenDaylight ODL before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used...
OpenDaylight SQL注入漏洞
OpenDaylight ODL is an open source SDN controller from OpenDaylight Open Source. A security vulnerability exists in versions of OpenDaylight ODL prior to 0.16.5, which originates in its aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java component in the /auth/ v1/role...
CVE-2022-45930
A SQL injection issue was discovered in AAA in OpenDaylight ODL before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface...
CVE-2022-45931
A SQL injection issue was discovered in AAA in OpenDaylight ODL before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used...
CVE-2022-45930
OpenDaylight ODL prior to 0.16.5 is affected by a SQL injection in the AAA domain management path. Specifically, the deleteDomain function in DomainStore.java (aaa-idm-store-h2) handles /auth/v1/domains/ in a way that can allow arbitrary SQL execution. This is caused by the SQL construction/handl...
CVE-2022-45932
OpenDaylight (ODL) AAA component contains a SQL injection in the deleteRole path of RoleStore.deleteRole, exploitable via the /auth/v1/roles/ API. Affects ODL versions prior to 0.16.5. The vulnerability can allow a malicious user to execute arbitrary SQL against the backend database. Remediation:...
CVE-2022-45931
Summary: CVE-2022-45931 affects the AAA component in OpenDaylight (ODL) prior to 0.16.5. The vulnerability resides in the deleteUser function of UserStore.java within aaa-idm-store-h2, exploitable via the /auth/v1/users/ API interface. The issue is a SQL injection that could allow a malicious use...
GHSA-49WF-927P-JPVJ OpenFlow plugin for OpenDaylight allows spoofing the SDN topology
OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to "fake LLDP injection."...
GHSA-F2X4-547G-RP95 OpenFlow plugin for OpenDaylight LLDP Relay
OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay."...
OpenFlow plugin for OpenDaylight allows spoofing the SDN topology
OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to "fake LLDP injection."...
OpenFlow plugin for OpenDaylight LLDP Relay
OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay."...
GHSA-QM24-4869-99PJ Opendaylight will authenticate any username and password combination
The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination...
Opendaylight will authenticate any username and password combination
The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination...
GHSA-4PX2-GQHV-MRC7 Password change doesn't result in Karaf clearing cache
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared e.g. via restart...
Password change doesn't result in Karaf clearing cache
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared e.g. via restart...
GHSA-GJQ3-997P-HG6F OpenDaylight NULL Pointer Dereference
StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0...