11 matches found
CVE-2019-1010234
The vulnerability CVE-2019-1010234 affects Linux Foundation ONOS 1.15.0 and earlier. It stems from improper input validation in the runJavaCompiler method of YangLiveCompilerManager.java, allowing an attacker to remotely execute commands by sending a malicious HTTP request to the controller. The ...
CVE-2019-16300
CVE-2019-16300 affects Open Network Operating System (ONOS) 1.14 in the acl application (org.onosproject.acl). The host event listener fails to handle HOST_REMOVED events, and in combination with other applications this could lead to the absence of intended code execution. Documents consistently desc...
CVE-2019-16297
ONOS 1.14’s P4 tutorial application (org.onosproject.p4tutorial) has a host event listener that fails to handle HOST_MOVED, HOST_REMOVED, and HOST_UPDATED. This gap can, in combination with other applications, permit unintended code execution. The issue is documented across multiple sources (ONOS...
CVE-2019-16299
CVE-2019-16299 affects Open Network Operating System (ONOS) 1.14, specifically the mobility application’s host event listener (org.onosproject.mobility). The vulnerability arises because the listener does not handle HOST_ADDED, HOST_REMOVED, and HOST_UPDATED events, which in combination with othe...
CVE-2019-16302
The CVE-2019-16302 entry affects Open Network Operating System (ONOS) 1.14, specifically the Ethernet VPN app (org.onosproject.evpnopenflow). The host event listener does not handle HOST_MOVED and HOST_UPDATED, which in combination with other applications could lead to the absence of intended cod...
CVE-2019-16298
ONOS 1.14 contains a bug in the Virtual BNG app’s host event listener (org.onosproject.virtualbng) where HOST_MOVED, HOST_REMOVED, and HOST_UPDATED events are not handled. In combination with other applications, this could lead to the absence of intended code execution. The vulnerability is docum...
CVE-2019-16301
CVE-2019-16301 affects ONOS 1.14 in the virtual tenant network (org.onosproject.vtn). The host event listener fails to handle HOST_MOVED, and when combined with other applications this could lead to the absence of intended code execution. The provided connected documents confirm the issue and its con...
CVE-2019-1010245
CVE-2019-1010245 affects the Linux Foundation ONOS SDN Controller (1.15 and earlier). The vulnerability arises from Improper Input Validation in the component at apps/yang/src/main/java/org/onosproject/yang/impl/YangLiveCompilerManager.java. A remote attacker could leverage network connectivity ...
CVE-2019-1010250
CVE-2019-1010250 affects the Linux Foundation ONOS platform (2.0.0 and earlier). The vulnerability stems from poor input-validation in the RESTful service functions createFlow() and createFlows() in FlowWebResource.java, which can allow a network administrator or attacker to inadvertently install...
CVE-2019-1010252
The Linux Foundation ONOS 2.0.0 and earlier is affected by Poor Input-validation in FlowRuleManager.java (applyFlowRules() and apply()). This can allow a network administrator or attacker to install unintended flow rules in the switch via network-management connectivity. Root cause: inadequate in...
CVE-2019-1010249
The CVE-2019-1010249 entry refers to Linux Foundation ONOS 2.0.0 and earlier affected by an Integer Overflow in FlowWebResource.java (createFlow()/createFlows()). The impact is that a network administrator or attacker could install unintended flow rules in switches via network management and conn...