Controller
by Opendaylight
Source repositories
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-36500 | Cri | 0.59 | 9.1 | 0.00 | Jun 5, 2026 | An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request. | ||
| CVE-2024-37018 | Cri | 0.59 | 9.1 | 0.00 | May 31, 2024 | The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets. | ||
| CVE-2026-36501 | Hig | 0.49 | 7.5 | 0.00 | Jun 5, 2026 | An issue in the Externalizable.readExternal() component of Controller v12.0.5 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||
| CVE-2024-54411 | Hig | 0.46 | 7.1 | 0.00 | Dec 16, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in hosting.io WP Controller wp-management-controller allows Stored XSS.This issue affects WP Controller: from n/a through <= 3.2.0. | ||
| CVE-2023-3971 | 0.00 | — | 0.00 | Oct 4, 2023 | An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise. | |||
| CVE-2022-3157 | 0.00 | — | 0.01 | Dec 16, 2022 | A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS). | |||
| CVE-2017-1000411 | 0.00 | — | 0.01 | Jan 31, 2018 | OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with… |
- risk 0.59cvss 9.1epss 0.00
An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request.
- risk 0.59cvss 9.1epss 0.00
The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets.
- risk 0.49cvss 7.5epss 0.00
An issue in the Externalizable.readExternal() component of Controller v12.0.5 allows attackers to cause a Denial of Service (DoS) via a crafted input.
- risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in hosting.io WP Controller wp-management-controller allows Stored XSS.This issue affects WP Controller: from n/a through <= 3.2.0.
- CVE-2023-3971Oct 4, 2023risk 0.00cvss —epss 0.00
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.
- CVE-2022-3157Dec 16, 2022risk 0.00cvss —epss 0.01
A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).
- CVE-2017-1000411Jan 31, 2018risk 0.00cvss —epss 0.01
OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with…