Design/Logic Flaw

An issue was discovered in Open Network Operating System ONOS 1.14. In the virtual broadband network gateway application org.onosproject.virtualbng, the host event listener does not handle the following event types: HOSTMOVED, HOSTREMOVED, HOSTUPDATED. In combination with other applications, this...

CVE-2019-16302

An issue was discovered in Open Network Operating System ONOS 1.14. In the Ethernet VPN application org.onosproject.evpnopenflow, the host event listener does not handle the following event types: HOSTMOVED, HOSTUPDATED. In combination with other applications, this could lead to the absence of...

CVE-2019-16302

The CVE-2019-16302 entry affects Open Network Operating System (ONOS) 1.14, specifically the Ethernet VPN app (org.onosproject.evpnopenflow). The host event listener does not handle HOST_MOVED and HOST_UPDATED, which in combination with other applications could lead to the absence of intended cod...

CVE-2019-16301

An issue was discovered in Open Network Operating System ONOS 1.14. In the virtual tenant network application org.onosproject.vtn, the host event listener does not handle the following event types: HOSTMOVED. In combination with other applications, this could lead to the absence of intended code...

CVE-2019-16301

CVE-2019-16301 affects ONOS 1.14 in the virtual tenant network (org.onosproject.vtn). The host event listener fails to handle HOST_MOVED, and when combined with other applications this could lead to absence of intended code execution. The provided connected documents confirm the issue and its con...

CVE-2019-16300

CVE-2019-16300 affects Open Network Operating System (ONOS) 1.14 in the acl application (org.onosproject.acl). The host event listener fails to handle HOST_REMOVED events, and in combination with other applications this could lead to absence of intended code execution. Documents consistently desc...

CVE-2019-16299

An issue was discovered in Open Network Operating System ONOS 1.14. In the mobility application org.onosproject.mobility, the host event listener does not handle the following event types: HOSTADDED, HOSTREMOVED, HOSTUPDATED. In combination with other applications, this could lead to the absence ...

CVE-2019-16298

ONOS 1.14 contains a bug in the Virtual BNG app’s host event listener (org.onosproject.virtualbng) where HOST_MOVED, HOST_REMOVED, and HOST_UPDATED events are not handled. In combination with other applications, this could lead to the absence of intended code execution. The vulnerability is docum...

CVE-2019-16298

An issue was discovered in Open Network Operating System ONOS 1.14. In the virtual broadband network gateway application org.onosproject.virtualbng, the host event listener does not handle the following event types: HOSTMOVED, HOSTREMOVED, HOSTUPDATED. In combination with other applications, this...

CVE-2019-16297

ONOS 1.14’s P4 tutorial application (org.onosproject.p4tutorial) has a host event listener that fails to handle HOST_MOVED, HOST_REMOVED, and HOST_UPDATED. This gap can, in combination with other applications, permit unintended code execution. The issue is documented across multiple sources (ONOS...

CVE-2019-16297

An issue was discovered in Open Network Operating System ONOS 1.14. In the P4 tutorial application org.onosproject.p4tutorial, the host event listener does not handle the following event types: HOSTMOVED, HOSTREMOVED, HOSTUPDATED. In combination with other applications, this could lead to the...

Cisco Discovery Protocol Denial of Service Vulnerability in Cisco FXOS, IOS XR and NX-OS Software

Cisco NX-OS Software and others are products of Cisco Corporation.Cisco NX-OS Software is a suite of data center-grade operating system software for use in switches.Cisco FXOS Software is a suite of firewall software that runs in Cisco security appliances.Cisco IOS XR is a suite of operating...

Ansible: malicious code could craft filename in nxos_file_copy module

A vulnerability in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues...

Ansible: malicious code could craft filename in nxos_file_copy module

A vulnerability in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues...

Ansible: malicious code could craft filename in nxos_file_copy module

A vulnerability in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues...

The vulnerability of the createFlow() and createFlows() functions (FlowWebResource.java) of the RESTful operating system-based service of Open Network Operating System allows a hacker to arbitrarily modify the settings of the switch.

The vulnerability of the createFlow and createFlows functions FlowWebResource.java of the RESTful operating system service of Open Network Operating System is caused by a numerical overflow. Exploiting this vulnerability could allow an attacker to arbitrarily modify the settings of the switch...

The vulnerability of the Neighbor Discovery protocol implementation in Cisco IOS XE, IOS XR, NX-OS, and StarOS operating systems allows a attacker to cause service failure.

The vulnerability of the Neighbor Discovery ND protocol implementation in Cisco IOS XE, IOS XR, NX-OS, and StarOS operating systems exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures by using specially crafted N...

The vulnerability of NX-OS and Cisco IOS XE operating systems arises from errors during the verification of the electronic signature when installing an Open Virtual Appliance (OVA) image. This vulnerability allows a perpetrator to install malware onto a vulnerable device.

The vulnerability of NX-OS and Cisco IOS XE operating systems is related to errors during the verification of the electronic signature when installing an Open Virtual Appliance OVA image. Exploiting this vulnerability allows a perpetrator to install malware onto a vulnerable device...

The vulnerability of the Virtual Shell (VSH) service in the NX-OS network operating system allows a hacker to trigger a maintenance failure or cause an emergency shutdown of the application.

The vulnerability of the Virtual Shell VSH service in the NX-OS network operating system is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause an application to terminate abnormally or trigger a service failure remotely...

Cisco NX-OS and Cisco IOS XE Data Forgery Issue Vulnerabilities

Cisco NX-OS Software and IOS XE are both products of Cisco Corporation.Cisco NX-OS Software is a set of data center-grade operating system software used by switches.IOS XE is a set of operating systems developed for use with its network devices. Cisco NX-OS and Cisco IOS XE in the data forgery...