Onos Security Vulnerabilities


CVE-2015-7516

ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).

CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.008

2017-08-24 08:29 PM

CVE-2017-1000078

Linux Foundation ONOS 1.9 is vulnerable to XSS in the device registration.

CVSS: 6.1 | AI Score: 5.9 | EPSS: 0.001

2017-07-17 01:18 PM

CVE-2017-1000079

Linux Foundation ONOS 1.9.0 is vulnerable to a DoS.

CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.001

2017-07-17 01:18 PM

CVE-2017-1000080

Linux Foundation ONOS 1.9.0 allows unauthenticated use of websockets.

CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.001

2017-07-17 01:18 PM

CVE-2017-1000081

Linux Foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.

CVSS: 9.8 | AI Score: 9.8 | EPSS: 0.015

2017-07-17 01:18 PM

CVE-2017-13762

ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS.

CVSS: 6.1 | AI Score: 6.2 | EPSS: 0.004

2017-08-30 12:29 AM

CVE-2017-13763

ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited.

CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.001

2017-08-30 12:29 AM

CVE-2018-1000614

ONOS Controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can allow an adversary to remotely launch advanced XXE attacks on ONOS controller ...

CVSS: 9.8 | AI Score: 9.2 | EPSS: 0.003

2018-07-09 08:29 PM

CVE-2018-1000615

ONOS Controller version 1.13.1 and earlier contains a Denial of Service (service crash) vulnerability in the OVSDB component in ONOS that can allow an adversary to remotely crash the OVSDB service of the ONOS controller via a normal switch. This attack appears to be exploitable via the attacker should b...

CVSS: 7.5 | AI Score: 7.3 | EPSS: 0.001

2018-07-09 08:29 PM

CVE-2018-1000616

ONOS controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can allow an adversary to remotely launch XXE attacks on ONOS controller via an OpenC...

CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.006

2018-07-09 08:29 PM

CVE-2018-12691

Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection.

CVSS: 6.8 | AI Score: 6.8 | EPSS: 0.001

2018-07-05 06:29 PM

CVE-2019-13624

In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command.

CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.002

2019-07-17 03:15 AM

CVE-2023-30093

A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.

CVSS: 6.1 | AI Score: 5.8 | EPSS: 0.001

2023-05-04 10:15 PM