1.9.0

DATE	CVE	VULNERABILITY TITLE	RISK
2023-05-04	CVE-2023-30093	Cross-site Scripting vulnerability in Onosproject Onos A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard. network low complexity onosproject CWE-79	6.1
2018-07-09	CVE-2018-1000616	XXE vulnerability in Onosproject Onos ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenConfig Terminal Device.. network low complexity onosproject CWE-611	7.5
2018-07-09	CVE-2018-1000615	Unspecified vulnerability in Onosproject Onos ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. network low complexity onosproject	5.0
2018-07-09	CVE-2018-1000614	XXE vulnerability in Onosproject Onos ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller without authentication.. network low complexity onosproject CWE-611	7.5
2018-07-05	CVE-2018-12691	Race Condition vulnerability in Onosproject Onos Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection. network onosproject CWE-362	4.3
2017-08-30	CVE-2017-13763	Allocation of Resources Without Limits or Throttling vulnerability in Onosproject Onos 1.10.0/1.8.0/1.9.0 ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. network low complexity onosproject CWE-770	5.0
2017-08-30	CVE-2017-13762	Cross-site Scripting vulnerability in Onosproject Onos 1.10.0/1.8.0/1.9.0 ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS. network onosproject CWE-79	4.3
2017-07-17	CVE-2017-1000081	Unrestricted Upload of File with Dangerous Type vulnerability in Onosproject Onos 1.8.0/1.9.0 Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. network low complexity onosproject CWE-434	7.5
2017-07-17	CVE-2017-1000080	Unspecified vulnerability in Onosproject Onos 1.8.0/1.9.0 Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets. network low complexity onosproject	5.0
2017-07-17	CVE-2017-1000079	Unspecified vulnerability in Onosproject Onos 1.8.0/1.9.0 Linux foundation ONOS 1.9.0 is vulnerable to a DoS. network low complexity onosproject	5.0