Onos
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1000081 | | Critical | 0.64 | 9.8 | 0.08 | | Jul 17, 2017 | Linux Foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. |
| CVE-2015-7516 | | High | 0.49 | 7.5 | 0.02 | | Aug 24, 2017 | ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870). |
| CVE-2017-1000080 | | High | 0.49 | 7.5 | 0.00 | | Jul 17, 2017 | Linux Foundation ONOS 1.9.0 allows unauthenticated use of websockets. |
| CVE-2017-1000079 | | High | 0.49 | 7.5 | 0.00 | | Jul 17, 2017 | Linux Foundation ONOS 1.9.0 is vulnerable to a DoS. |
| CVE-2017-13763 | | High | 0.42 | 7.5 | 0.00 | | Aug 30, 2017 | ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited. |
| CVE-2017-13762 | | Medium | 0.40 | 6.1 | 0.01 | | Aug 30, 2017 | ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS. |
| CVE-2017-1000078 | | Medium | 0.40 | 6.1 | 0.00 | | Jul 17, 2017 | Linux Foundation ONOS 1.9 is vulnerable to XSS in the device registration. |
| CVE-2018-1999020 | | | 0.00 | — | 0.01 | | Jul 23, 2018 | Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier version contains a Directory Traversal vulnerability in core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java line 35 that can result in arbitrary file deletion (overwrite). This attack… |
| CVE-2018-1000615 | | | 0.00 | — | 0.00 | | Jul 9, 2018 | ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch. This attack appears to be exploitable via… |
| CVE-2018-1000614 | | | 0.00 | — | 0.01 | | Jul 9, 2018 | ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks… |
| CVE-2018-1000616 | | | 0.00 | — | 0.00 | | Jul 9, 2018 | ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS… |
| CVE-2018-12691 | | | 0.00 | — | 0.00 | | Jul 5, 2018 | Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection. |