Vulnerabilities > Opennetworking
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-20 | CVE-2022-29944 | Incorrect Comparison vulnerability in Opennetworking Onos 2.5.1 An issue was discovered in ONOS 2.5.1. | 5.3 |
| 2023-03-14 | CVE-2023-24279 | Cross-site Scripting vulnerability in Opennetworking Onos A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard. | 6.1 |
| 2020-02-20 | CVE-2019-11189 | Authentication Bypass by Spoofing vulnerability in Opennetworking Onos Authentication Bypass by Spoofing in org.onosproject.acl (access control) and org.onosproject.mobility (host mobility) in ONOS v2.0 and earlier allows attackers to bypass network access control via data plane packet injection. | 5.0 |
| 2018-07-23 | CVE-2018-1999020 | Path Traversal vulnerability in Opennetworking Onos Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier version contains a Directory Traversal vulnerability in core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java line 35 that can result in arbitrary file deletion (overwrite). | 5.8 |
| 2018-05-24 | CVE-2018-1000155 | Incorrect Authorization vulnerability in Opennetworking Openflow OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. | 7.5 |