CVE Tools

onosproject

Networking Infrastructureoss-project

11

Cumulative CVEs

3

Monthly snapshots

#87

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting onosproject.

CVE-2025-30077Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits.6.2Mar 16, 2025
CVE-2024-34050Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64(b[2])<<16 | uint64(b[1])<<8 | uint64(b[0])" in reader.go.7.5Apr 29, 2024
CVE-2024-34049Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return plmnIdString[0:3], plmnIdString[3:]" in reader.go.7.5Apr 29, 2024
CVE-2023-30093A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected ...6.1May 4, 2023
CVE-2019-13624In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command.9.8Jul 17, 2019
CVE-2018-1000616ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loa...9.8Jul 9, 2018
CVE-2018-1000615ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB servic...7.5Jul 9, 2018
CVE-2018-1000614ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTransl...9.8Jul 9, 2018
CVE-2018-12691Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data...6.8Jul 5, 2018
CVE-2017-13763ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited.7.5Aug 30, 2017
CVE-2017-13762ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS.6.1Aug 30, 2017
CVE-2015-7516ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo ...7.5Aug 24, 2017
CVE-2017-1000081Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.9.8Jul 13, 2017
CVE-2017-1000080Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets.7.5Jul 13, 2017
CVE-2017-1000079Linux foundation ONOS 1.9.0 is vulnerable to a DoS.7.5Jul 13, 2017