Vulnerabilities > Onosproject > Onos

DATE CVE VULNERABILITY TITLE RISK
2023-05-04 CVE-2023-30093 Cross-site Scripting vulnerability in Onosproject Onos
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.
network
low complexity
onosproject CWE-79
6.1
2019-07-17 CVE-2019-13624 Data Processing Errors vulnerability in Onosproject Onos 1.15.0
In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command.
network
low complexity
onosproject CWE-19
critical
10.0
2018-07-09 CVE-2018-1000616 XXE vulnerability in Onosproject Onos
ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenConfig Terminal Device..
network
low complexity
onosproject CWE-611
7.5
2018-07-09 CVE-2018-1000615 Unspecified vulnerability in Onosproject Onos
ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch..
network
low complexity
onosproject
5.0
2018-07-09 CVE-2018-1000614 XXE vulnerability in Onosproject Onos
ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller without authentication..
network
low complexity
onosproject CWE-611
7.5
2018-07-05 CVE-2018-12691 Race Condition vulnerability in Onosproject Onos
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection.
4.3
2017-08-30 CVE-2017-13763 Allocation of Resources Without Limits or Throttling vulnerability in Onosproject Onos 1.10.0/1.8.0/1.9.0
ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated.
network
low complexity
onosproject CWE-770
5.0
2017-08-30 CVE-2017-13762 Cross-site Scripting vulnerability in Onosproject Onos 1.10.0/1.8.0/1.9.0
ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS.
4.3
2017-08-24 CVE-2015-7516 NULL Pointer Dereference vulnerability in Onosproject Onos
ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).
network
low complexity
onosproject CWE-476
7.8
2017-07-17 CVE-2017-1000081 Unrestricted Upload of File with Dangerous Type vulnerability in Onosproject Onos 1.8.0/1.9.0
Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.
network
low complexity
onosproject CWE-434
7.5