Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
onosproject onos vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-13763
ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited.
Onosproject Onos 1.10.0
Onosproject Onos 1.9.0
Onosproject Onos 1.8.0
6.1
CVSSv3
CVE-2017-13762
ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS.
Onosproject Onos 1.9.0
Onosproject Onos 1.10.0
Onosproject Onos 1.8.0
6.1
CVSSv3
CVE-2017-1000078
Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registration
Onosproject Onos 1.8.0
Onosproject Onos 1.9.0
7.5
CVSSv3
CVE-2017-1000079
Linux foundation ONOS 1.9.0 is vulnerable to a DoS.
Onosproject Onos 1.8.0
Onosproject Onos 1.9.0
9.8
CVSSv3
CVE-2017-1000081
Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.
Onosproject Onos 1.8.0
Onosproject Onos 1.9.0
2 Github repositories
7.5
CVSSv3
CVE-2017-1000080
Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets.
Onosproject Onos 1.8.0
Onosproject Onos 1.9.0
6.1
CVSSv3
CVE-2023-30093
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.
Onosproject Onos
3 Github repositories
6.8
CVSSv3
CVE-2018-12691
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and previous versions allows malicious users to bypass network access control via data plane packet injection.
Onosproject Onos
7.5
CVSSv3
CVE-2015-7516
ONOS prior to 1.5.0 when using the ifwd app allows remote malicious users to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).
Onosproject Onos
9.8
CVSSv3
CVE-2018-1000616
ONOS ONOS controller version 1.13.1 and previous versions contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on...
Onosproject Onos
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »