35 matches found
EUVD-2017-1520
Malware in sbrugna...
EUVD-2022-3970
Malicious code in bioql PyPI...
org.opendaylight.faas:features4-faas (>=1.2.0-Carbon <=1.3.3), org.opendaylight.faas:odl-faas-all (>=1.2.0-Carbon <=1.3.3) +67 more potentially affected by CVE-2025-29315 via org.opendaylight.sfc:sfc-provider (>=0.0.1-Helium <=0.9.3)
org.opendaylight.sfc:sfc-provider MAVEN version =0.0.1-Helium, =1.2.0-Carbon, =1.2.0-Carbon, =1.2.0-Carbon, =1.0.0-Beryllium, =0.6.0, =0.5.0-Carbon, =0.5.0-Carbon, =0.5.0-Carbon, =0.5.0-Carbon, =0.6.0, =0.9.0, =0.9.0, =0.11.4 and more Source cves: CVE-2025-29315 Source advisory:...
Missing Encryption of Sensitive Data
Overview: Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to the use of insecure Shiro options secureCookies=False and httpOnly=False. An attacker in a MitM position can access sensitive information in transit. Remediation: There is no fixed version for...
networking-bagpipe (>=8.0.1 <=10.0.1), networking-baremetal (=1.0.1) +8 more potentially affected by CVE-2023-3637 via neutron (>=12.1.1 <=15.3.4)
neutron PYPI version =12.1.1, =8.0.1, =15.0.0, =13.0.1, =5.1.0, =13.0.2, =13.0.2, =14.0.1, =14.3.0 Source cves: CVE-2023-3637 Source advisory: OSV:GHSA-R3JH-QHGJ-GVR8...
CVE-2022-45932
OpenDaylight (ODL) AAA component contains a SQL injection in the deleteRole path of RoleStore.deleteRole, exploitable via the /auth/v1/roles/ API. Affects ODL versions prior to 0.16.5. The vulnerability can allow a malicious user to execute arbitrary SQL against the backend database. Remediation:...
CVE-2022-45930
OpenDaylight ODL prior to 0.16.5 is affected by a SQL injection in the AAA domain management path. Specifically, the deleteDomain function in DomainStore.java (aaa-idm-store-h2) handles /auth/v1/domains/ in a way that can allow arbitrary SQL execution. This is caused by the SQL construction/handl...
CVE-2022-45930
A SQL injection issue was discovered in AAA in OpenDaylight ODL before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface...
networking-bagpipe (>=8.0.1 <=10.0.1), networking-baremetal (=1.0.1) +8 more potentially affected by CVE-2021-40797 via neutron (>=12.1.1 <=15.3.4)
neutron PYPI version =12.1.1, =8.0.1, =15.0.0, =13.0.1, =5.1.0, =13.0.2, =13.0.2, =14.0.1, =14.3.0 Source cves: CVE-2021-40797 Source advisory: OSV:GHSA-CPX3-696P-3CW9...
OpenDaylight NULL Pointer Dereference
StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0...
GHSA-GJQ3-997P-HG6F OpenDaylight NULL Pointer Dereference
StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0...
Moderate: Red Hat Security Advisory: opendaylight security and bug fix update
An update for OpenDaylight is now available for Red Hat OpenStack Platform 13.0 Queens. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: openstack-tripleo-heat-templates security update
An update for openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 13.0 Queens for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
CVE-2015-1857
The odl-mdsal-apidocs feature in OpenDaylight Helium allows remote attackers to obtain sensitive information by leveraging missing AAA restrictions...
Design/Logic Flaw
The odl-mdsal-apidocs feature in OpenDaylight Helium allows remote attackers to obtain sensitive information by leveraging missing AAA restrictions...
CVE-2015-1857
CVE-2015-1857 concerns OpenDaylight Helium’s odl-mdsal-apidocs feature, where failure to enforce AAA restrictions enables remote disclosure of sensitive information. Root cause: insufficient authentication/authorization/logging controls. Impact: confidentiality exposure without explicit exploit o...
CVE-2015-1857
The odl-mdsal-apidocs feature in OpenDaylight Helium allows remote attackers to obtain sensitive information by leveraging missing AAA restrictions...
OpenDaylight odl-mdsal-xsql component resource management error vulnerability
OpenDaylight, a project of the Linux Foundation, is a community-driven, open-source software-defined networking framework that includes a collection of modules to perform networking tasks that need to be done quickly. OpenDaylight odl-mdsal-xsql is one of the XML-based query components used to...
OpenDaylight odl-restconf Denial of Service Vulnerability
OpenDaylight, a project of the Linux Foundation in the United States, is a community-driven, open-source, software-defined networking framework that contains an ensemble of modules capable of performing networking tasks that need to be done quickly. A security vulnerability exists in odl-restconf...
CVE-2017-1000360
StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0...