Onosproject Onos
13 CVEs affecting Onosproject Onos. Latest disclosed: 2023-05-04. Critical: 4, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-13624 | Critical | 9.8 | 2019-07-17 | In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a… |
| CVE-2018-1000616 | Critical | 9.8 | 2018-07-09 | ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\driv… |
| CVE-2018-1000614 | Critical | 9.8 | 2018-07-09 | ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/pro… |
| CVE-2017-1000081 | Critical | 9.8 | 2017-07-17 | Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. |
| CVE-2018-1000615 | High | 7.5 | 2018-07-09 | ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adv… |
| CVE-2017-13763 | High | 7.5 | 2017-08-30 | ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited. |
| CVE-2015-7516 | High | 7.5 | 2017-08-24 | ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two… |
| CVE-2017-1000080 | High | 7.5 | 2017-07-17 | Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets. |
| CVE-2017-1000079 | High | 7.5 | 2017-07-17 | Linux foundation ONOS 1.9.0 is vulnerable to a DoS. |
| CVE-2018-12691 | Medium | 6.8 | 2018-07-05 | Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to… |
| CVE-2023-30093 | Medium | 6.1 | 2023-05-04 | A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts o… |
| CVE-2017-13762 | Medium | 6.1 | 2017-08-30 | ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS. |
| CVE-2017-1000078 | Medium | 6.1 | 2017-07-17 | Linux foundation ONOS 1.9 is vulnerable to XSS in the device registration. |