12 matches found
EUVD-2024-54610
Malicious code in bioql PyPI...
EUVD-2025-8020
Malicious code in bioql PyPI...
CVE-2023-41591
CVE-2023-41591 affects Open Network Foundation ONOS v2.7.0. The issue allows an attacker to create fake IP/MAC addresses, enabling potential man-in-the-middle attacks between spoofed and legitimate hosts. The Red Hat and NVD/NVDA references describe the same impact. Snyk reports org.onosproject:o...
CVE-2024-53423
CVE-2024-53423 concerns Open Network Foundation ONOS v2.7.0 where attackers can cause a Denial of Service by sending crafted packets. The entry is supported by multiple sources (NVD, CVE records, Red Hat advisory, OSV, CNNVD, PT Security). CVSS v3.1 base score is 5.6 (Network, Low/Low/Low impacts...
CVE-2024-53423
An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service DoS via supplying crafted packets...
CVE-2025-29312
An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via changing the link type from indirect to direct...
CVE-2025-29310
An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vulnerability allows attackers to execute arbitrary commands or access network information...
CVE-2025-29310
An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vulnerability allows attackers to execute arbitrary commands or access network information...
CVE-2025-29312
CVE-2025-29312 affects ONOS v2.7.0. The vulnerability allows triggering unexpected behavior in a device connected to a legacy switch by changing the link type from indirect to direct. CVSS 3.1 base score 9.1 (CRITICAL) with Network attack vector, no privileges required, no user interaction; confi...
CVE-2025-29311
Limited secret space in LLDP packets used in onos v2.7.0 allows attackers to obtain the private key via a bruteforce attack. Attackers are able to leverage this vulnerability into creating crafted LLDP packets...
CVE-2025-29312
An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via changing the link type from indirect to direct...
CVE-2025-29310
The CVE refers to ONOS v2.7.0 where a vulnerability in LLDP packet deserialization can be triggered by a crafted LLDP packet, allowing an attacker to execute arbitrary commands or access network information. Affected component: ONOS 2.7.0 (deserialization path in LLDP handling). Root cause: packe...