Onos Security Vulnerabilities and Issues — Onos CVE List

Lucene search

OnosprojectOnos

15 matches found

CVE•added 2019/07/17 3:15 a.m.•274 views

CVE-2019-13624

In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command.

10CVSS9.4AI score0.00428EPSS

CVE•added 2023/05/04 10:15 p.m.•44 views

CVE-2023-30093

A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.

6.1CVSS5.8AI score0.0009EPSS

CVE•added 2017/07/17 1:18 p.m.•43 views

CVE-2017-1000078

Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registration

6.1CVSS5.9AI score0.00265EPSS

CVE•added 2024/04/30 12:15 a.m.•43 views

CVE-2024-34050

Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64(b[2])<<16 | uint64(b[1])<

7.5CVSS6.8AI score0.00139EPSS

CVE•added 2017/08/30 12:29 a.m.•42 views

CVE-2017-13763

ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited.

7.5CVSS7.5AI score0.00341EPSS

CVE•added 2017/07/17 1:18 p.m.•40 views

CVE-2017-1000080

Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets.

7.5CVSS7.5AI score0.00324EPSS

CVE•added 2017/07/17 1:18 p.m.•39 views

CVE-2017-1000079

Linux foundation ONOS 1.9.0 is vulnerable to a DoS.

7.5CVSS7.4AI score0.00464EPSS

CVE•added 2017/08/30 12:29 a.m.•38 views

CVE-2017-13762

ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS.

6.1CVSS6.2AI score0.00748EPSS

CVE•added 2024/04/30 12:15 a.m.•37 views

CVE-2023-52726

Open Networking Foundation SD-RAN ONOS onos-ric-sdk-go 0.8.12 allows infinite repetition of the processing of an error (in the Subscribe function implementation for the subscribed indication stream).

6.5CVSS6.8AI score0.00098EPSS

CVE•added 2018/07/09 8:29 p.m.•36 views

CVE-2018-1000614

ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller ...

9.8CVSS9.2AI score0.00551EPSS

CVE•added 2018/07/09 8:29 p.m.•36 views

CVE-2018-1000616

ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenC...

9.8CVSS9.3AI score0.00347EPSS

CVE•added 2017/07/17 1:18 p.m.•35 views

CVE-2017-1000081

Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.

9.8CVSS9.8AI score0.08814EPSS

CVE•added 2017/08/24 8:29 p.m.•31 views

CVE-2015-7516

ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).

7.8CVSS7.4AI score0.01343EPSS

CVE•added 2018/07/09 8:29 p.m.•30 views

CVE-2018-1000615

ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. This attack appear to be exploitable via the attacker should b...

7.5CVSS7.3AI score0.0028EPSS

CVE•added 2018/07/05 6:29 p.m.•29 views

CVE-2018-12691

Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection.

6.8CVSS6.8AI score0.00183EPSS