Vulnerabilities > Onosproject > Onos > 1.8.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-09 | CVE-2018-1000616 | XXE vulnerability in Onosproject Onos ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenConfig Terminal Device.. | 7.5 |
| 2018-07-09 | CVE-2018-1000615 | Unspecified vulnerability in Onosproject Onos ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. | 5.0 |
| 2018-07-09 | CVE-2018-1000614 | XXE vulnerability in Onosproject Onos ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller without authentication.. | 7.5 |
| 2018-07-05 | CVE-2018-12691 | Race Condition vulnerability in Onosproject Onos Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection. | 4.3 |
| 2017-08-30 | CVE-2017-13763 | Allocation of Resources Without Limits or Throttling vulnerability in Onosproject Onos 1.10.0/1.8.0/1.9.0 ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. | 5.0 |
| 2017-08-30 | CVE-2017-13762 | Cross-site Scripting vulnerability in Onosproject Onos 1.10.0/1.8.0/1.9.0 ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS. | 4.3 |
| 2017-07-17 | CVE-2017-1000081 | Unrestricted Upload of File with Dangerous Type vulnerability in Onosproject Onos 1.8.0/1.9.0 Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. | 7.5 |
| 2017-07-17 | CVE-2017-1000080 | Unspecified vulnerability in Onosproject Onos 1.8.0/1.9.0 Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets. | 5.0 |
| 2017-07-17 | CVE-2017-1000079 | Unspecified vulnerability in Onosproject Onos 1.8.0/1.9.0 Linux foundation ONOS 1.9.0 is vulnerable to a DoS. | 5.0 |
| 2017-07-17 | CVE-2017-1000078 | Cross-site Scripting vulnerability in Onosproject Onos 1.8.0/1.9.0 Linux foundation ONOS 1.9 is vulnerable to XSS in the device. | 4.3 |