Onos
by Onosproject
Source repositories
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1000081 | Cri | 0.64 | 9.8 | 0.03 | Jul 17, 2017 | Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. | ||
| CVE-2015-7516 | Hig | 0.49 | 7.5 | 0.04 | Aug 24, 2017 | ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870). | ||
| CVE-2017-1000080 | Hig | 0.49 | 7.5 | 0.01 | Jul 17, 2017 | Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets. | ||
| CVE-2017-1000079 | Hig | 0.49 | 7.5 | 0.01 | Jul 17, 2017 | Linux foundation ONOS 1.9.0 is vulnerable to a DoS. | ||
| CVE-2017-13763 | Hig | 0.42 | 7.5 | 0.01 | Aug 30, 2017 | ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited. | ||
| CVE-2017-13762 | Med | 0.40 | 6.1 | 0.01 | Aug 30, 2017 | ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS. | ||
| CVE-2017-1000078 | Med | 0.40 | 6.1 | 0.01 | Jul 17, 2017 | Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registration | ||
| CVE-2024-53423 | 0.00 | — | 0.00 | May 29, 2025 | An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets. | |||
| CVE-2023-41591 | 0.00 | — | 0.00 | May 29, 2025 | An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communications between fake and real hosts. | |||
| CVE-2025-29312 | 0.00 | — | 0.00 | Mar 24, 2025 | An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via changing the link type from indirect to direct. | |||
| CVE-2025-29310 | 0.00 | — | 0.01 | Mar 24, 2025 | An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vulnerability allows attackers to execute arbitrary commands or access network information. |
- risk 0.64cvss 9.8epss 0.03
Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.
- risk 0.49cvss 7.5epss 0.04
ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).
- risk 0.49cvss 7.5epss 0.01
Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets.
- risk 0.49cvss 7.5epss 0.01
Linux foundation ONOS 1.9.0 is vulnerable to a DoS.
- risk 0.42cvss 7.5epss 0.01
ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited.
- risk 0.40cvss 6.1epss 0.01
ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS.
- risk 0.40cvss 6.1epss 0.01
Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registration
- CVE-2024-53423May 29, 2025risk 0.00cvss —epss 0.00
An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets.
- CVE-2023-41591May 29, 2025risk 0.00cvss —epss 0.00
An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communications between fake and real hosts.
- CVE-2025-29312Mar 24, 2025risk 0.00cvss —epss 0.00
An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via changing the link type from indirect to direct.
- CVE-2025-29310Mar 24, 2025risk 0.00cvss —epss 0.01
An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vulnerability allows attackers to execute arbitrary commands or access network information.