org.opendaylight.groupbasedpolicy:features-groupbasedpolicy (=0.7.4), org.opendaylight.groupbasedpolicy:odl-groupbasedpolicy-neutron-and-ofoverlay (>=0.5.0-Carbon <=0.7.4) +17 more potentially affected by CVE-2025-29314 via org.opendaylight.sfc:odl-sfc-openflow-renderer (>=0.10.0 <=0.9.3)

org.opendaylight.sfc:odl-sfc-openflow-renderer MAVEN version =0.10.0, =0.5.0-Carbon, =0.5.0-Carbon, =0.5.0-Carbon, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.6.0, =0.6.0, =0.4.0-Carbon, =0.5.0, =0.4.0-Carbon, =0.5.0, =0.5.2 and more Source cves: CVE-2025-29314 Source advisory:...

org.opendaylight.groupbasedpolicy:features-groupbasedpolicy (=0.7.4), org.opendaylight.groupbasedpolicy:odl-groupbasedpolicy-neutron-and-ofoverlay (>=0.5.0-Carbon <=0.7.4) +23 more potentially affected by CVE-2025-29313 via org.opendaylight.sfc:sfc-ovs (>=0.10.0 <=0.9.3)

org.opendaylight.sfc:sfc-ovs MAVEN version =0.10.0, =0.5.0-Carbon, =0.5.0-Carbon, =0.5.0-Carbon, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.6.0, =0.6.0, =0.4.0-Carbon, =0.5.0, =0.4.0-Carbon, =0.4.4-Carbon and more Source cves: CVE-2025-29313 Source advisory:...

org.opendaylight.integration:features-index (>=0.11.0 <=0.11.4), org.opendaylight.integration:features-test (>=0.11.0 <=0.11.4) +11 more potentially affected by CVE-2025-29313 via org.opendaylight.sfc:odl-sfc-ovs (>=0.10.0 <=0.10.4)

org.opendaylight.sfc:odl-sfc-ovs MAVEN version =0.10.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.9.0, =0.9.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.4 Source cves: CVE-2025-29313 Source advisory: OSV:GHSA-V3VP-FG2V-G7Q4...

org.opendaylight.groupbasedpolicy:features-groupbasedpolicy (=0.7.4), org.opendaylight.groupbasedpolicy:odl-groupbasedpolicy-neutron-and-ofoverlay (>=0.5.0-Carbon <=0.7.4) +19 more potentially affected by CVE-2025-29314 via org.opendaylight.sfc:odl-sfc-ovs (>=0.10.0 <=0.9.3)

org.opendaylight.sfc:odl-sfc-ovs MAVEN version =0.10.0, =0.5.0-Carbon, =0.5.0-Carbon, =0.5.0-Carbon, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.6.0, =0.6.0, =0.4.0-Carbon, =0.5.0, =0.4.0-Carbon, =0.4.4-Carbon and more Source cves: CVE-2025-29314 Source advisory:...

org.opendaylight.integration:features-index (>=0.11.0 <=0.11.4), org.opendaylight.integration:features-test (>=0.11.0 <=0.11.4) +9 more potentially affected by CVE-2025-29314 via org.opendaylight.sfc:odl-sfc-openflow-renderer (>=0.10.0 <=0.10.4)

org.opendaylight.sfc:odl-sfc-openflow-renderer MAVEN version =0.10.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.9.0, =0.9.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.4 Source cves: CVE-2025-29314 Source advisory: OSV:GHSA-XP75-W7VQ-5X6J...

org.opendaylight.integration:features-index (>=0.11.0 <=0.11.4), org.opendaylight.integration:features-test (>=0.11.0 <=0.11.4) +11 more potentially affected by CVE-2025-29314 via org.opendaylight.sfc:odl-sfc-ovs (>=0.10.0 <=0.10.4)

org.opendaylight.sfc:odl-sfc-ovs MAVEN version =0.10.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.9.0, =0.9.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.4 Source cves: CVE-2025-29314 Source advisory: OSV:GHSA-XP75-W7VQ-5X6J...

GHSA-XP75-W7VQ-5X6J OpenDaylight SFC Insecure Shiro Cookie Configuration

Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack...

CVE-2022-45930

A SQL injection issue was discovered in AAA in OpenDaylight ODL before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface...

PT-2022-27691 · Unknown · Opendaylight

Name of the Vulnerable Software and Affected Versions: OpenDaylight versions prior to 0.16.5 Description: A SQL injection issue was discovered in the AAA component of OpenDaylight. The deleteRole function in RoleStore.java is affected when using the API interface /auth/v1/roles/. Recommendations:...

PT-2022-27690 · Unknown · Opendaylight

Name of the Vulnerable Software and Affected Versions: OpenDaylight versions prior to 0.16.5 Description: A SQL injection issue was discovered in the AAA component of OpenDaylight. The deleteUser function in the UserStore.java file is affected when the API interface "/auth/v1/users/" is used...

org.opendaylight.bier:bier-karaf (=0.3.4), org.opendaylight.bier:features-bier (=0.3.4) +10 more potentially affected by CVE-2015-7501 via org.apache.servicemix.bundles:org.apache.servicemix.bundles.collections-generic (=4.01_1)

org.apache.servicemix.bundles:org.apache.servicemix.bundles.collections-generic MAVEN version =4.011 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.servicemix.bundles:org.apache.servicemix.bundles.collections-generic and may be impacted: -...

CVE-2018-1132

A flaw was found in Opendaylight's SDNInterfaceapp SDNI. Attackers can SQL inject the component's database SQLite without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used in the final Carbon series release. In addition to...

CVE-2017-1000411

OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with 'idle-timeout' and...

OpenDaylight odl-mdsal-xsql component resource management error vulnerability (CNVD-2017-16999)

OpenDaylight, a project of the Linux Foundation, is a community-driven, open-source software-defined networking framework that includes a collection of modules to perform networking tasks that need to be done quickly.OpenDaylight odl-mdsal-xsql is one of the XML-based query components used to...

CVE-2017-1000359

Java out of memory error and significant increase in resource consumption. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0...

CVE-2017-1000361

DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. Controller launches exceptions and consumes more CPU resources. Component: OpenDaylight is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0...