Vulnerabilities > Onosproject > Onos > 1.9.0

DATE CVE VULNERABILITY TITLE RISK
2023-05-04 CVE-2023-30093 Cross-site Scripting vulnerability in Onosproject Onos
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.
network
low complexity
onosproject CWE-79
6.1
6.1
2018-07-09 CVE-2018-1000616 XXE vulnerability in Onosproject Onos
ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenConfig Terminal Device..
network
low complexity
onosproject CWE-611
critical
 9.8
9.8
2018-07-09 CVE-2018-1000615 Unspecified vulnerability in Onosproject Onos
ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch..
network
low complexity
onosproject
7.5
7.5
2018-07-09 CVE-2018-1000614 XXE vulnerability in Onosproject Onos
ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller without authentication..
network
low complexity
onosproject CWE-611
critical
 9.8
9.8
2018-07-05 CVE-2018-12691 Race Condition vulnerability in Onosproject Onos
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection.
network
high complexity
onosproject CWE-362
6.8
6.8
2017-08-30 CVE-2017-13763 Allocation of Resources Without Limits or Throttling vulnerability in Onosproject Onos 1.10.0/1.8.0/1.9.0
ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated.
network
low complexity
onosproject CWE-770
7.5
7.5
2017-08-30 CVE-2017-13762 Cross-site Scripting vulnerability in Onosproject Onos 1.10.0/1.8.0/1.9.0
ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS.
network
low complexity
onosproject CWE-79
6.1
6.1
2017-07-17 CVE-2017-1000081 Unrestricted Upload of File with Dangerous Type vulnerability in Onosproject Onos 1.8.0/1.9.0
Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.
network
low complexity
onosproject CWE-434
critical
 9.8
9.8
2017-07-17 CVE-2017-1000080 Unspecified vulnerability in Onosproject Onos 1.8.0/1.9.0
Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets.
network
low complexity
onosproject
7.5
7.5
2017-07-17 CVE-2017-1000079 Unspecified vulnerability in Onosproject Onos 1.8.0/1.9.0
Linux foundation ONOS 1.9.0 is vulnerable to a DoS.
network
low complexity
onosproject
7.5
7.5