Lucene search
K

232 matches found

Github Security Blog
Github Security Blog
added 2025/03/24 9:30 p.m.8 views

OpenDaylight SFC Denial of Service (DoS)

Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allows attackers to cause a Denial of Service DoS...

7.5CVSS7.1AI score0.0037EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2025/03/24 9:15 p.m.10 views

CVE-2025-29315

An issue in the Shiro-based RBAC Role-based Access Control mechanism of OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allows attackers to execute privileged operations via a crafted request...

9.8CVSS0.00378EPSS
Exploits0References1
NVD
NVD
added 2025/03/24 9:15 p.m.9 views

CVE-2025-29314

Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack...

8.1CVSS0.00204EPSS
Exploits0References1
NVD
NVD
added 2025/03/24 9:15 p.m.9 views

CVE-2025-29313

Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allows attackers to cause a Denial of Service DoS...

7.5CVSS0.0037EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/24 12:0 a.m.5 views

CVE-2025-29314

Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack...

6.6AI score0.00204EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/24 12:0 a.m.3 views

CVE-2025-29313

Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allows attackers to cause a Denial of Service DoS...

7.1AI score0.0037EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/24 12:0 a.m.3 views

CVE-2025-29315

An issue in the Shiro-based RBAC Role-based Access Control mechanism of OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allows attackers to execute privileged operations via a crafted request...

7.2AI score0.00378EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/24 12:0 a.m.4 views

OpenDaylight(ODL) 安全漏洞

OpenDaylight ODL is an open source SDN controller from OpenDaylight Open Source. A security vulnerability exists in OpenDaylight ODL Sodium-SR4 and earlier versions, which stems from a flaw in the Shiro-based RBAC mechanism that allows an attacker to perform privileged operations via specially...

9.8CVSS6.4AI score0.00378EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/24 12:0 a.m.11 views

CVE-2025-29314

Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack...

0.00204EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/24 12:0 a.m.10 views

CVE-2025-29315

An issue in the Shiro-based RBAC Role-based Access Control mechanism of OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allows attackers to execute privileged operations via a crafted request...

0.00378EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/24 12:0 a.m.5 views

OpenDaylight(ODL) 安全漏洞

OpenDaylight ODL is an open source SDN controller from OpenDaylight Open Source. A security vulnerability exists in OpenDaylight ODL Sodium-SR4 and earlier versions, which stems from an insecure Shiro cookie configuration that could lead to a man-in-the-middle attack to access sensitive informati...

8.1CVSS6.2AI score0.00204EPSS
Exploits0References1
CVE
CVE
added 2025/03/24 12:0 a.m.61 views

CVE-2025-29315

The CVE describes a Shiro-based RBAC flaw in OpenDaylight SFC Sodium-SR4 and earlier, enabling privilege escalation via a crafted request. Affected component: OpenDaylight SFC (SFC Sodium-SR4 and below); root cause: flaws in Shiro RBAC enforcement allowing privileged operations. Impact (as per CV...

9.8CVSS7.2AI score0.00378EPSS
Exploits0References1
CVE
CVE
added 2025/03/24 12:0 a.m.66 views

CVE-2025-29314

CVE-2025-29314 affects OpenDaylight Service Function Chaining (SFC) Sodium-SR4 and earlier. The root cause is insecure Shiro cookie configurations (e.g., _secureCookies=False, _httpOnly=False) that enable a man-in-the-middle to access sensitive data. CVSSv3.1: 8.1 (HIGH) with network attack vecto...

8.1CVSS6.6AI score0.00204EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/24 12:0 a.m.13 views

CVE-2025-29313

Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allows attackers to cause a Denial of Service DoS...

0.0037EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/24 12:0 a.m.5 views

OpenDaylight(ODL) 安全漏洞

OpenDaylight ODL is an open source SDN controller from OpenDaylight Open Source. A security vulnerability exists in OpenDaylight ODL Sodium-SR4 and earlier versions, which stems from a name or reference resolution error that could lead to a denial of service...

7.5CVSS6.3AI score0.0037EPSS
Exploits0References1
CVE
CVE
added 2025/03/24 12:0 a.m.62 views

CVE-2025-29313

The CVE-2025-29313 entry describes a Denial of Service affecting OpenDaylight SFC Sodium-SR4 and earlier subprojects, caused by incorrect resolution of names or references in the SFC component. Affected component: OpenDaylight Service Function Chaining (SFC). Root cause: improper handling of name...

7.5CVSS7.1AI score0.0037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/14 2:50 a.m.15 views

CVE-2024-37018

The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets...

9.1CVSS6.9AI score0.00433EPSS
Exploits0References1
OSV
OSV
added 2024/09/20 1:52 p.m.17 views

RHSA-2018:2598 Red Hat Security Advisory: opendaylight security and bug fix update

Bulletin has no description...

5.9CVSS6.5AI score0.05119EPSS
Exploits0References20
Veracode
Veracode
added 2024/09/17 5:21 a.m.12 views

Improper Authorization

org.opendaylight.mdsal : mdsal-artifacts is vulnerable to Improper Authorization. The vulnerability is due to improper role enforcement, allowing a controller with a follower role to configure flow entries in an OpenDaylight clustering deployment...

9.1CVSS6.6AI score0.00443EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2024/09/17 5:9 a.m.15 views

Improper Authorization

org.opendaylight.aaa : aaa-authn-api is vulnerable to Improper Authorization. The vulnerability is due to inadequate validation of cluster membership in OpenDaylight AAA, allowing a rogue controller to impersonate an offline peer even without complete cluster configuration information...

9.1CVSS7AI score0.00556EPSS
Exploits0References4
Rows per page
Query Builder