37 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-1520

Malware in sbrugna...

6.5 CVSS | 6.6 AI score | 0.00371 EPSS
Exploits 1 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-3970

Malicious code in bioql PyPI...

5.3 CVSS | 5.6 AI score | 0.00386 EPSS
Exploits 1 | References 2

Snyk
added 2025/03/24 9:30 p.m. | 1 view

Missing Encryption of Sensitive Data

Overview: Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to the use of insecure Shiro options secureCookies=False and httpOnly=False. An attacker in a MitM position can access sensitive information in transit. Remediation: There is no fixed version for...

8.2 CVSS | 6.5 AI score | 0.00091 EPSS
Exploits 0 | References 2

vulnersOsv
added 2025/03/24 9:30 p.m. | 5 views

org.opendaylight.integration:features-index (>=0.11.0 <=0.11.4), org.opendaylight.integration:features-test (>=0.11.0 <=0.11.4) +11 more potentially affected by CVE-2025-29313 via org.opendaylight.sfc:odl-sfc-ovs (>=0.10.0 <=0.10.4)

org.opendaylight.sfc:odl-sfc-ovs MAVEN version =0.10.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.9.0, =0.9.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.4 Source cves: CVE-2025-29313 Source advisory: OSV:GHSA-V3VP-FG2V-G7Q4...

7.5 CVSS | 5.8 AI score | 0.00134 EPSS
Exploits 0

vulnersOsv
added 2025/03/24 9:30 p.m. | 3 views

org.opendaylight.faas:features4-faas (>=1.2.0-Carbon <=1.3.3), org.opendaylight.faas:odl-faas-all (>=1.2.0-Carbon <=1.3.3) +67 more potentially affected by CVE-2025-29315 via org.opendaylight.sfc:sfc-provider (>=0.0.1-Helium <=0.9.3)

org.opendaylight.sfc:sfc-provider MAVEN version =0.0.1-Helium, =1.2.0-Carbon, =1.2.0-Carbon, =1.2.0-Carbon, =1.0.0-Beryllium, =0.6.0, =0.5.0-Carbon, =0.5.0-Carbon, =0.5.0-Carbon, =0.5.0-Carbon, =0.6.0, =0.9.0, =0.9.0, =0.11.4 and more Source cves: CVE-2025-29315 Source advisory:...

9.8 CVSS | 5.8 AI score | 0.00215 EPSS
Exploits 0

vulnersOsv
added 2025/03/24 9:30 p.m. | 3 views

org.opendaylight.integration:features-index (>=0.11.0 <=0.11.4), org.opendaylight.integration:features-test (>=0.11.0 <=0.11.4) +11 more potentially affected by CVE-2025-29314 via org.opendaylight.sfc:odl-sfc-ovs (>=0.10.0 <=0.10.4)

org.opendaylight.sfc:odl-sfc-ovs MAVEN version =0.10.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.9.0, =0.9.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.4 Source cves: CVE-2025-29314 Source advisory: OSV:GHSA-XP75-W7VQ-5X6J...

8.1 CVSS | 5.8 AI score | 0.00091 EPSS
Exploits 0

vulnersOsv
added 2023/07/25 3:30 p.m. | 1 view

networking-bagpipe (>=8.0.1 <=10.0.1), networking-baremetal (=1.0.1) +8 more potentially affected by CVE-2023-3637 via neutron (>=12.1.1 <=15.3.4)

neutron PYPI version =12.1.1, =8.0.1, =15.0.0, =13.0.1, =5.1.0, =13.0.2, =13.0.2, =14.0.1, =14.3.0 Source cves: CVE-2023-3637 Source advisory: OSV:GHSA-R3JH-QHGJ-GVR8...

6.5 CVSS | 6.4 AI score | 0.0018 EPSS
Exploits 0

CVE
added 2022/11/27 12:0 a.m. | 62 views

CVE-2022-45932

OpenDaylight (ODL) AAA component contains a SQL injection in the deleteRole path of RoleStore.deleteRole, exploitable via the /auth/v1/roles/ API. Affects ODL versions prior to 0.16.5. The vulnerability can allow a malicious user to execute arbitrary SQL against the backend database. Remediation:...

7.5 CVSS | 7.9 AI score | 0.0019 EPSS
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2022/11/27 12:0 a.m. | 19 views

CVE-2022-45930

A SQL injection issue was discovered in AAA in OpenDaylight ODL before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface...

8.2 AI score | 0.00204 EPSS
Exploits 1 | References 2

CVE
added 2022/11/27 12:0 a.m. | 60 views

CVE-2022-45930

OpenDaylight ODL prior to 0.16.5 is affected by a SQL injection in the AAA domain management path. Specifically, the deleteDomain function in DomainStore.java (aaa-idm-store-h2) handles /auth/v1/domains/ in a way that can allow arbitrary SQL execution. This is caused by the SQL construction/handl...

7.5 CVSS | 7.9 AI score | 0.00204 EPSS
Exploits 1 | References 2 | Affected Software 1

vulnersOsv
added 2022/05/24 7:13 p.m. | 1 view

networking-bagpipe (>=8.0.1 <=10.0.1), networking-baremetal (=1.0.1) +8 more potentially affected by CVE-2021-40797 via neutron (>=12.1.1 <=15.3.4)

neutron PYPI version =12.1.1, =8.0.1, =15.0.0, =13.0.1, =5.1.0, =13.0.2, =13.0.2, =14.0.1, =14.3.0 Source cves: CVE-2021-40797 Source advisory: OSV:GHSA-CPX3-696P-3CW9...

6.5 CVSS | 6.5 AI score | 0.00694 EPSS
Exploits 1

OSV
added 2022/05/13 1:41 a.m. | 14 views

GHSA-GJQ3-997P-HG6F OpenDaylight NULL Pointer Dereference

StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0...

5.3 CVSS | 5.2 AI score | 0.00386 EPSS
Exploits 1 | References 2

Github Security Blog
added 2022/05/13 1:41 a.m. | 17 views

OpenDaylight NULL Pointer Dereference

StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0...

5.3 CVSS | 6.8 AI score | 0.00386 EPSS
Exploits 1 | References 3 | Affected Software 1

RedHat Linux
added 2018/08/29 4:20 p.m. | 60 views

Moderate: Red Hat Security Advisory: opendaylight security and bug fix update

An update for OpenDaylight is now available for Red Hat OpenStack Platform 13.0 Queens. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

5.9 CVSS | 6.8 AI score | 0.03259 EPSS
Exploits 0 | References 13

RedHat Linux
added 2018/07/19 2:27 p.m. | 85 views

Important: Red Hat Security Advisory: openstack-tripleo-heat-templates security update

An update for openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 13.0 Queens for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.8 CVSS | 7.3 AI score | 0.00168 EPSS
Exploits 0 | References 13

Prion
added 2018/04/27 4:29 p.m. | 9 views

Design/Logic Flaw

The odl-mdsal-apidocs feature in OpenDaylight Helium allows remote attackers to obtain sensitive information by leveraging missing AAA restrictions...

5 CVSS | 6.7 AI score | 0.00348 EPSS
Exploits 0 | References 3 | Affected Software 1

NVD
added 2018/04/27 4:29 p.m. | 15 views

CVE-2015-1857

The odl-mdsal-apidocs feature in OpenDaylight Helium allows remote attackers to obtain sensitive information by leveraging missing AAA restrictions...

5.3 CVSS | 5.1 AI score | 0.00348 EPSS
Exploits 0 | References 3

Cvelist
added 2018/04/27 4:0 p.m. | 15 views

CVE-2015-1857

The odl-mdsal-apidocs feature in OpenDaylight Helium allows remote attackers to obtain sensitive information by leveraging missing AAA restrictions...

5.1 AI score | 0.00348 EPSS
Exploits 0 | References 3

CVE
added 2018/04/27 4:0 p.m. | 43 views

CVE-2015-1857

CVE-2015-1857 concerns OpenDaylight Helium’s odl-mdsal-apidocs feature, where failure to enforce AAA restrictions enables remote disclosure of sensitive information. Root cause: insufficient authentication/authorization/logging controls. Impact: confidentiality exposure without explicit exploit o...

5.3 CVSS | 5.1 AI score | 0.00348 EPSS
Exploits 0 | References 3 | Affected Software 1

CNVD
added 2017/07/20 12:0 a.m. | 2 views

OpenDaylight odl-mdsal-xsql component resource management error vulnerability

OpenDaylight, a project of the Linux Foundation, is a community-driven, open-source software-defined networking framework that includes a collection of modules to perform networking tasks that need to be done quickly. OpenDaylight odl-mdsal-xsql is one of the XML-based query components used to...

5.3 CVSS | 6.6 AI score | 0.0045 EPSS
Exploits 1 | References 1