VYPR

Onos

by Opennetworkinglab

Source repositories

CVEs (6)

  • CVE-2018-1000616CriJul 9, 2018
    risk 0.64cvss 9.8epss 0.01

    ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS…

  • CVE-2018-1000614CriJul 9, 2018
    risk 0.64cvss 9.8epss 0.02

    ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks…

  • CVE-2018-1000615HigJul 9, 2018
    risk 0.49cvss 7.5epss 0.01

    ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. This attack appear to be exploitable via…

  • CVE-2015-7516HigAug 24, 2017
    risk 0.49cvss 7.5epss 0.04

    ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).

  • CVE-2018-12691MedJul 5, 2018
    risk 0.44cvss 6.8epss 0.01

    Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection.

  • CVE-2018-1999020MedJul 23, 2018
    risk 0.36cvss 5.5epss 0.01

    Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier version contains a Directory Traversal vulnerability in core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java line 35 that can result in arbitrary file deletion (overwrite). This attack…