12 matches found
CVE-2018-1000616
ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity XXE vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml that can result in An adversary can remotely launch XXE attacks on ONOS controller via an...
EUVD-2018-1951
Malware in sbrugna...
EUVD-2018-1952
Malware in sbrugna...
EUVD-2018-1950
Malware in sbrugna...
CVE-2018-1000614
ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity XXE vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller...
CVE-2018-1000615
ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service Service crash vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. This attack appear to be exploitable via the attacker should b...
CVE-2019-1010245
The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A remote attacker can execute arbitrary commands on the controller. The component is: apps/yang/src/main/java/org/onosproject/yang/impl/YangLiveCompilerManager.java. The...
Denial Of Service (DoS)
onos-ovsdb-rfc is vulnerable to denial of serviceDoS attack. The attacker can launch the attack through a normal switch, crashing the OVSDB service in the ONOS controller...
XML External Entity (XXE) Injection
Onos Controller is vulnerable to XML external entitiy XXE injection attack. It is possible because the application does not disable Document Type Definition DTD External Entities by default, allowing a malicious user to inject malicious external entities through XML files...
CVE-2018-1000614
ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity XXE vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller...
CVE-2018-1000616
ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity XXE vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml that can result in An adversary can remotely launch XXE attacks on ONOS controller via an...
CVE-2018-1000615
ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service Service crash vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. This attack appear to be exploitable via the attacker should b...