Vulnerabilities (CVE)

Filtered by vendor Onosproject
Filtered by product Onos
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-1000081 1 Onosproject 1 Onos 2020-12-07 7.5 HIGH 9.8 CRITICAL
Linux Foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.
CVE-2017-1000079 1 Onosproject 1 Onos 2020-12-07 5.0 MEDIUM 7.5 HIGH
Linux Foundation ONOS 1.9.0 is vulnerable to a DoS.
CVE-2017-1000080 1 Onosproject 1 Onos 2020-12-07 5.0 MEDIUM 7.5 HIGH
Linux Foundation ONOS 1.9.0 allows unauthenticated use of websockets.
CVE-2017-1000078 1 Onosproject 1 Onos 2020-12-07 4.3 MEDIUM 6.1 MEDIUM
Linux Foundation ONOS 1.9 is vulnerable to XSS in the device registration.
CVE-2018-1000615 1 Onosproject 1 Onos 2020-08-24 5.0 MEDIUM 7.5 HIGH
ONOS Controller version 1.13.1 and earlier contains a Denial of Service (service crash) vulnerability in the OVSDB component that allows an adversary to remotely crash the OVSDB service of the ONOS controller via a normal switch. The attack appears to be exploitable when the attacker is able to control or forge a switch in the network.
CVE-2017-13763 1 Onosproject 1 Onos 2019-10-02 5.0 MEDIUM 7.5 HIGH
ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited.
CVE-2019-13624 1 Onosproject 1 Onos 2019-07-19 10.0 HIGH 9.8 CRITICAL
In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command.
CVE-2018-12691 1 Onosproject 1 Onos 2018-09-04 4.3 MEDIUM 6.8 MEDIUM
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection.
CVE-2018-1000614 1 Onosproject 1 Onos 2018-09-04 7.5 HIGH 9.8 CRITICAL
ONOS Controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that allows an adversary to remotely launch advanced XXE attacks on the ONOS controller without authentication. The attack appears to be exploitable via a crafted protocol message.
CVE-2018-1000616 1 Onosproject 1 Onos 2018-09-04 7.5 HIGH 9.8 CRITICAL
ONOS controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that allows an adversary to remotely launch XXE attacks on the ONOS controller via an OpenConfig Terminal Device. The attack appears to be exploitable via network connectivity.
CVE-2017-13762 1 Onosproject 1 Onos 2017-09-01 4.3 MEDIUM 6.1 MEDIUM
ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS.
CVE-2015-7516 1 Onosproject 1 Onos 2017-08-30 7.8 HIGH 7.5 HIGH
ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).