Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

onosproject onos vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv3
CVE-2017-13763
ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited.
Onosproject Onos 1.10.0Onosproject Onos 1.9.0Onosproject Onos 1.8.0
6.1
CVSSv3
CVE-2017-13762
ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS.
Onosproject Onos 1.9.0Onosproject Onos 1.10.0Onosproject Onos 1.8.0
6.1
CVSSv3
CVE-2017-1000078
Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registration
Onosproject Onos 1.8.0Onosproject Onos 1.9.0
7.5
CVSSv3
CVE-2017-1000079
Linux foundation ONOS 1.9.0 is vulnerable to a DoS.
Onosproject Onos 1.8.0Onosproject Onos 1.9.0
9.8
CVSSv3
CVE-2017-1000081
Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.
Onosproject Onos 1.8.0Onosproject Onos 1.9.0
7.5
CVSSv3
CVE-2017-1000080
Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets.
Onosproject Onos 1.8.0Onosproject Onos 1.9.0
6.1
CVSSv3
CVE-2023-30093
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.
Onosproject Onos
6.8
CVSSv3
CVE-2018-12691
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and previous versions allows malicious users to bypass network access control via data plane packet injection.
Onosproject Onos
7.5
CVSSv3
CVE-2015-7516
ONOS prior to 1.5.0 when using the ifwd app allows remote malicious users to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).
Onosproject Onos
9.8
CVSSv3
CVE-2018-1000616
ONOS ONOS controller version 1.13.1 and previous versions contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on...
Onosproject Onos
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTICVE-2024-35863CVE-2024-35910man-in-the-middleCVE-2024-35912CVE-2024-25742LFICVE-2024-32002CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook