Filtered by vendor Onosproject
Subscriptions
Total
15 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-52726 | 1 Onosproject | 1 Onos | 2024-11-21 | 6.5 Medium |
Open Networking Foundation SD-RAN ONOS onos-ric-sdk-go 0.8.12 allows infinite repetition of the processing of an error (in the Subscribe function implementation for the subscribed indication stream). | ||||
CVE-2023-30093 | 1 Onosproject | 1 Onos | 2024-11-21 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard. | ||||
CVE-2019-13624 | 1 Onosproject | 1 Onos | 2024-11-21 | N/A |
In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command. | ||||
CVE-2018-12691 | 1 Onosproject | 1 Onos | 2024-11-21 | N/A |
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection. | ||||
CVE-2018-1000616 | 1 Onosproject | 1 Onos | 2024-11-21 | N/A |
ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenConfig Terminal Device.. This attack appear to be exploitable via network connectivity. | ||||
CVE-2018-1000615 | 1 Onosproject | 1 Onos | 2024-11-21 | N/A |
ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. This attack appear to be exploitable via the attacker should be able to control or forge a switch in the network.. | ||||
CVE-2018-1000614 | 1 Onosproject | 1 Onos | 2024-11-21 | N/A |
ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller without authentication.. This attack appear to be exploitable via crafted protocol message. | ||||
CVE-2017-13763 | 1 Onosproject | 1 Onos | 2024-11-21 | N/A |
ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited. | ||||
CVE-2017-13762 | 1 Onosproject | 1 Onos | 2024-11-21 | N/A |
ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS. | ||||
CVE-2017-1000081 | 1 Onosproject | 1 Onos | 2024-11-21 | 9.8 Critical |
Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. | ||||
CVE-2017-1000080 | 1 Onosproject | 1 Onos | 2024-11-21 | 7.5 High |
Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets. | ||||
CVE-2017-1000079 | 1 Onosproject | 1 Onos | 2024-11-21 | 7.5 High |
Linux foundation ONOS 1.9.0 is vulnerable to a DoS. | ||||
CVE-2017-1000078 | 1 Onosproject | 1 Onos | 2024-11-21 | 6.1 Medium |
Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registration | ||||
CVE-2015-7516 | 1 Onosproject | 1 Onos | 2024-11-21 | N/A |
ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870). | ||||
CVE-2024-48809 | 2 Aetherproject, Onosproject | 3 Onos-a1t, Sdran-in-a-box, Sdran-in-a-box | 2024-11-06 | 7.5 High |
An issue in Open Networking Foundations sdran-in-a-box v.1.4.3 and onos-a1t v.0.2.3 allows a remote attacker to cause a denial of service via the onos-a1t component of the sdran-in-a-box, specifically the DeleteWatcher function. |
Page 1 of 1.