VYPR

Onos

by Onosproject

Source repositories

CVEs (11)

  • CVE-2017-1000081CriJul 17, 2017
    risk 0.64cvss 9.8epss 0.03

    Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.

  • CVE-2015-7516HigAug 24, 2017
    risk 0.49cvss 7.5epss 0.04

    ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).

  • CVE-2017-1000080HigJul 17, 2017
    risk 0.49cvss 7.5epss 0.01

    Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets.

  • CVE-2017-1000079HigJul 17, 2017
    risk 0.49cvss 7.5epss 0.01

    Linux foundation ONOS 1.9.0 is vulnerable to a DoS.

  • CVE-2017-13763HigAug 30, 2017
    risk 0.42cvss 7.5epss 0.01

    ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited.

  • CVE-2017-13762MedAug 30, 2017
    risk 0.40cvss 6.1epss 0.01

    ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS.

  • CVE-2017-1000078MedJul 17, 2017
    risk 0.40cvss 6.1epss 0.01

    Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registration

  • CVE-2024-53423May 29, 2025
    risk 0.00cvss epss 0.00

    An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets.

  • CVE-2023-41591May 29, 2025
    risk 0.00cvss epss 0.00

    An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communications between fake and real hosts.

  • CVE-2025-29312Mar 24, 2025
    risk 0.00cvss epss 0.00

    An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via changing the link type from indirect to direct.

  • CVE-2025-29310Mar 24, 2025
    risk 0.00cvss epss 0.01

    An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vulnerability allows attackers to execute arbitrary commands or access network information.