Traditionally, the Wall of Sheep is an interactive demonstration of what can happen when network users let their guard down. We passively observe the traffic on a network, looking for evidence of users logging into email, web sites, or other network services without the protection of encryption. Those we find get put on the Wall of Sheep as a good-natured reminder that a malicious person could do the same thing we did . . . with far less friendly consequences. More importantly, we strive to educate the “sheep” we catch to prevent leaks in the future.

I now use the term Wall of Sheep to denote the list of security issues that I “passively” observed while enjoying my security research and ethical hacking.


CVE-2020-6639 mongo-express denial of service

CVE-2019-10805 valib inspection bypass

CVE-2019-10790 taffyDB universal SQL Injection

CVE-2019-20149 kind-of type checking manipulation

CVE-2019-10781 schema-inspector validation bypass

CVE-2019-19729 bson-objectid ID forging

CVE-2019-19507 jpv validation violation

CVE-2019-18954 pomelo internal state manipulation

CVE-2019-2391 mongodb query condition abuse

CVE-2019-18608 cezerin unauthorized order modification

CVE-2019-18413 class-validator bypass

CVE-2019-17426 mongoose query condition abuse

CVE-2019-13623 Ghidra arbitrary code execution

CVE-2019-13624 ONOS remote command execution

CVE-2018-1132 OpenDaylight’s SDNInterfaceapp module SQL injection

CVE-2018-15595 OpenDaylight’s TSDR Module Denial of Service

CVE-2018-1999020 ONOS Controller Directory Traversal

CVE-2018-1000614 ONOS Controller Notification XXE

CVE-2018-1000615 ONOS Controller OVSDB Remote Denial of Service

CVE-2018-1000616 ONOS Controller XMLCONFIGPARSER XXE

CVE-2018-1000617 Atlassian Floodlight Controller Remote Denial of Service

CVE-2018-1000163 Atlassian Floodlight Controller Web Console Cross-Site Scripting