232 matches found
OpenDaylight SFC Denial of Service (DoS)
Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allows attackers to cause a Denial of Service DoS...
CVE-2025-29315
An issue in the Shiro-based RBAC Role-based Access Control mechanism of OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allows attackers to execute privileged operations via a crafted request...
CVE-2025-29314
Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack...
CVE-2025-29313
Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allows attackers to cause a Denial of Service DoS...
CVE-2025-29314
Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack...
CVE-2025-29313
Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allows attackers to cause a Denial of Service DoS...
CVE-2025-29315
An issue in the Shiro-based RBAC Role-based Access Control mechanism of OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allows attackers to execute privileged operations via a crafted request...
OpenDaylight(ODL) 安全漏洞
OpenDaylight ODL is an open source SDN controller from OpenDaylight Open Source. A security vulnerability exists in OpenDaylight ODL Sodium-SR4 and earlier versions, which stems from a flaw in the Shiro-based RBAC mechanism that allows an attacker to perform privileged operations via specially...
CVE-2025-29314
Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack...
CVE-2025-29315
An issue in the Shiro-based RBAC Role-based Access Control mechanism of OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allows attackers to execute privileged operations via a crafted request...
OpenDaylight(ODL) 安全漏洞
OpenDaylight ODL is an open source SDN controller from OpenDaylight Open Source. A security vulnerability exists in OpenDaylight ODL Sodium-SR4 and earlier versions, which stems from an insecure Shiro cookie configuration that could lead to a man-in-the-middle attack to access sensitive informati...
CVE-2025-29315
The CVE describes a Shiro-based RBAC flaw in OpenDaylight SFC Sodium-SR4 and earlier, enabling privilege escalation via a crafted request. Affected component: OpenDaylight SFC (SFC Sodium-SR4 and below); root cause: flaws in Shiro RBAC enforcement allowing privileged operations. Impact (as per CV...
CVE-2025-29314
CVE-2025-29314 affects OpenDaylight Service Function Chaining (SFC) Sodium-SR4 and earlier. The root cause is insecure Shiro cookie configurations (e.g., _secureCookies=False, _httpOnly=False) that enable a man-in-the-middle to access sensitive data. CVSSv3.1: 8.1 (HIGH) with network attack vecto...
CVE-2025-29313
Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allows attackers to cause a Denial of Service DoS...
OpenDaylight(ODL) 安全漏洞
OpenDaylight ODL is an open source SDN controller from OpenDaylight Open Source. A security vulnerability exists in OpenDaylight ODL Sodium-SR4 and earlier versions, which stems from a name or reference resolution error that could lead to a denial of service...
CVE-2025-29313
The CVE-2025-29313 entry describes a Denial of Service affecting OpenDaylight SFC Sodium-SR4 and earlier subprojects, caused by incorrect resolution of names or references in the SFC component. Affected component: OpenDaylight Service Function Chaining (SFC). Root cause: improper handling of name...
CVE-2024-37018
The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets...
RHSA-2018:2598 Red Hat Security Advisory: opendaylight security and bug fix update
Bulletin has no description...
Improper Authorization
org.opendaylight.mdsal : mdsal-artifacts is vulnerable to Improper Authorization. The vulnerability is due to improper role enforcement, allowing a controller with a follower role to configure flow entries in an OpenDaylight clustering deployment...
Improper Authorization
org.opendaylight.aaa : aaa-authn-api is vulnerable to Improper Authorization. The vulnerability is due to inadequate validation of cluster membership in OpenDaylight AAA, allowing a rogue controller to impersonate an offline peer even without complete cluster configuration information...