Search
Find a vulnerability
Search criteria
16 vulnerabilities by onosproject
CVE-2025-30077 (GCVE-0-2025-30077)
Vulnerability from cvelistv5 – Published: 2025-03-16 00:00 – Updated: 2025-03-17 15:51
VLAI
Summary
Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits.
Severity
6.2 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-129 - Improper Validation of Array Index
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| onosproject | onos-lib-go |
Affected:
0.10.28
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30077",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T15:51:16.128312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T15:51:20.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/onosproject/onos-lib-go/issues/295"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "onos-lib-go",
"vendor": "onosproject",
"versions": [
{
"status": "affected",
"version": "0.10.28",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-16T02:59:09.674Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/onosproject/onos-lib-go/issues/295"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-30077",
"datePublished": "2025-03-16T00:00:00.000Z",
"dateReserved": "2025-03-16T00:00:00.000Z",
"dateUpdated": "2025-03-17T15:51:20.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34050 (GCVE-0-2024-34050)
Vulnerability from cvelistv5 – Published: 2024-04-29 00:00 – Updated: 2024-08-02 02:42
VLAI
Summary
Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64(b[2])<<16 | uint64(b[1])<<8 | uint64(b[0])" in reader.go.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-129 - Improper Validation of Array Index
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| onosproject | onos |
Affected:
0.1.1
cpe:2.3:a:onosproject:onos:0.1.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:onosproject:onos:0.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "onos",
"vendor": "onosproject",
"versions": [
{
"status": "affected",
"version": "0.1.1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-34050",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T18:54:43.872416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T17:56:46.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:42:59.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/onosproject/rimedo-ts/issues/16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in \"return uint64(b[2])\u003c\u003c16 | uint64(b[1])\u003c\u003c8 | uint64(b[0])\" in reader.go."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T23:42:14.193Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/onosproject/rimedo-ts/issues/16"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-34050",
"datePublished": "2024-04-29T00:00:00.000Z",
"dateReserved": "2024-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-02T02:42:59.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34049 (GCVE-0-2024-34049)
Vulnerability from cvelistv5 – Published: 2024-04-29 00:00 – Updated: 2024-08-20 17:30
VLAI
Summary
Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return plmnIdString[0:3], plmnIdString[3:]" in reader.go.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| onosproject | rimedo-ts |
Affected:
0.1.1
cpe:2.3:a:onosproject:rimedo-ts:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:42:59.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/onosproject/rimedo-ts/issues/16"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:onosproject:rimedo-ts:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rimedo-ts",
"vendor": "onosproject",
"versions": [
{
"status": "affected",
"version": "0.1.1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-34049",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T17:26:18.785728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T17:30:25.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in \"return plmnIdString[0:3], plmnIdString[3:]\" in reader.go."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T23:42:22.888Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/onosproject/rimedo-ts/issues/16"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-34049",
"datePublished": "2024-04-29T00:00:00.000Z",
"dateReserved": "2024-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-20T17:30:25.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30093 (GCVE-0-2023-30093)
Vulnerability from cvelistv5 – Published: 2023-05-04 00:00 – Updated: 2025-01-29 20:46
VLAI
Summary
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.
Severity
6.1 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:21:44.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.edoardoottavianelli.it/CVE-2023-30093/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=jZr2JhDd_S8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-30093",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T20:46:39.157321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T20:46:44.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-11T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.edoardoottavianelli.it/CVE-2023-30093/"
},
{
"url": "https://www.youtube.com/watch?v=jZr2JhDd_S8"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-30093",
"datePublished": "2023-05-04T00:00:00.000Z",
"dateReserved": "2023-04-07T00:00:00.000Z",
"dateUpdated": "2025-01-29T20:46:44.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13624 (GCVE-0-2019-13624)
Vulnerability from cvelistv5 – Published: 2019-07-17 02:15 – Updated: 2024-08-04 23:57
VLAI
Summary
In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://gerrit.onosproject.org/#/c/20767/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gerrit.onosproject.org/#/c/20767/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-17T02:15:54.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gerrit.onosproject.org/#/c/20767/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gerrit.onosproject.org/#/c/20767/",
"refsource": "MISC",
"url": "https://gerrit.onosproject.org/#/c/20767/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13624",
"datePublished": "2019-07-17T02:15:54.000Z",
"dateReserved": "2019-07-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:57:39.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000614 (GCVE-0-2018-1000614)
Vulnerability from cvelistv5 – Published: 2018-07-09 20:00 – Updated: 2024-09-17 00:07
VLAI
Summary
ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller without authentication.. This attack appear to be exploitable via crafted protocol message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gerrit.onosproject.org/#/c/18779/ | x_refsource_CONFIRM |
| http://gms.cl0udz.com/ONOS_Vul.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.onosproject.org/#/c/18779/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://gms.cl0udz.com/ONOS_Vul.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller without authentication.. This attack appear to be exploitable via crafted protocol message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-09T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.onosproject.org/#/c/18779/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://gms.cl0udz.com/ONOS_Vul.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-08T15:52:41.191908",
"DATE_REQUESTED": "2018-06-24T12:50:55",
"ID": "CVE-2018-1000614",
"REQUESTER": "f3i@t00ls.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller without authentication.. This attack appear to be exploitable via crafted protocol message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gerrit.onosproject.org/#/c/18779/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/18779/"
},
{
"name": "http://gms.cl0udz.com/ONOS_Vul.pdf",
"refsource": "MISC",
"url": "http://gms.cl0udz.com/ONOS_Vul.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000614",
"datePublished": "2018-07-09T20:00:00.000Z",
"dateReserved": "2018-07-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:07:03.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000615 (GCVE-0-2018-1000615)
Vulnerability from cvelistv5 – Published: 2018-07-09 20:00 – Updated: 2024-09-16 20:16
VLAI
Summary
ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. This attack appear to be exploitable via the attacker should be able to control or forge a switch in the network..
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://gms.cl0udz.com/OVSDB_DOS.pdf | x_refsource_MISC |
| https://gerrit.onosproject.org/#/c/18926/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://gms.cl0udz.com/OVSDB_DOS.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.onosproject.org/#/c/18926/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. This attack appear to be exploitable via the attacker should be able to control or forge a switch in the network.."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-09T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://gms.cl0udz.com/OVSDB_DOS.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.onosproject.org/#/c/18926/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-08T15:52:41.193067",
"DATE_REQUESTED": "2018-06-28T02:58:34",
"ID": "CVE-2018-1000615",
"REQUESTER": "f3i@t00ls.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. This attack appear to be exploitable via the attacker should be able to control or forge a switch in the network.."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://gms.cl0udz.com/OVSDB_DOS.pdf",
"refsource": "MISC",
"url": "http://gms.cl0udz.com/OVSDB_DOS.pdf"
},
{
"name": "https://gerrit.onosproject.org/#/c/18926/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/18926/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000615",
"datePublished": "2018-07-09T20:00:00.000Z",
"dateReserved": "2018-07-09T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:16:40.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000616 (GCVE-0-2018-1000616)
Vulnerability from cvelistv5 – Published: 2018-07-09 20:00 – Updated: 2024-09-17 01:31
VLAI
Summary
ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenConfig Terminal Device.. This attack appear to be exploitable via network connectivity.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gerrit.onosproject.org/#/c/18894/ | x_refsource_CONFIRM |
| http://gms.cl0udz.com/Openconfig_xxe.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.onosproject.org/#/c/18894/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://gms.cl0udz.com/Openconfig_xxe.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\\drivers\\utilities\\src\\main\\java\\org\\onosproject\\drivers\\utilities\\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenConfig Terminal Device.. This attack appear to be exploitable via network connectivity."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-09T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.onosproject.org/#/c/18894/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://gms.cl0udz.com/Openconfig_xxe.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-08T15:52:41.194245",
"DATE_REQUESTED": "2018-06-28T03:02:59",
"ID": "CVE-2018-1000616",
"REQUESTER": "f3i@t00ls.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\\drivers\\utilities\\src\\main\\java\\org\\onosproject\\drivers\\utilities\\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenConfig Terminal Device.. This attack appear to be exploitable via network connectivity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gerrit.onosproject.org/#/c/18894/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/18894/"
},
{
"name": "http://gms.cl0udz.com/Openconfig_xxe.pdf",
"refsource": "MISC",
"url": "http://gms.cl0udz.com/Openconfig_xxe.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000616",
"datePublished": "2018-07-09T20:00:00.000Z",
"dateReserved": "2018-07-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:31:35.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12691 (GCVE-0-2018-12691)
Vulnerability from cvelistv5 – Published: 2018-07-05 18:00 – Updated: 2024-08-05 08:45
VLAI
Summary
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gerrit.onosproject.org/#/c/18867/ | x_refsource_CONFIRM |
| https://wiki.onosproject.org/display/ONOS/Securit… | x_refsource_CONFIRM |
Date Public
2018-06-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:45:00.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.onosproject.org/#/c/18867/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.onosproject.org/display/ONOS/Security+advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-05T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.onosproject.org/#/c/18867/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.onosproject.org/display/ONOS/Security+advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gerrit.onosproject.org/#/c/18867/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/18867/"
},
{
"name": "https://wiki.onosproject.org/display/ONOS/Security+advisories",
"refsource": "CONFIRM",
"url": "https://wiki.onosproject.org/display/ONOS/Security+advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12691",
"datePublished": "2018-07-05T18:00:00.000Z",
"dateReserved": "2018-06-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:45:00.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13763 (GCVE-0-2017-13763)
Vulnerability from cvelistv5 – Published: 2017-08-30 00:00 – Updated: 2024-09-16 23:46
VLAI
Summary
ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gerrit.onosproject.org/#/c/13831/ | x_refsource_CONFIRM |
| https://gerrit.onosproject.org/#/c/14318/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:19.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.onosproject.org/#/c/13831/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.onosproject.org/#/c/14318/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-30T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.onosproject.org/#/c/13831/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.onosproject.org/#/c/14318/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gerrit.onosproject.org/#/c/13831/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/13831/"
},
{
"name": "https://gerrit.onosproject.org/#/c/14318/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/14318/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13763",
"datePublished": "2017-08-30T00:00:00.000Z",
"dateReserved": "2017-08-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:46:15.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13762 (GCVE-0-2017-13762)
Vulnerability from cvelistv5 – Published: 2017-08-30 00:00 – Updated: 2024-09-16 16:18
VLAI
Summary
ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://gerrit.onosproject.org/#/c/14067/ | x_refsource_CONFIRM |
| https://gerrit.onosproject.org/#/c/14069/ | x_refsource_CONFIRM |
| https://gerrit.onosproject.org/#/c/14182/ | x_refsource_CONFIRM |
| https://gerrit.onosproject.org/#/c/14050/ | x_refsource_CONFIRM |
| https://gerrit.onosproject.org/#/c/14049/ | x_refsource_CONFIRM |
| https://gerrit.onosproject.org/#/c/14031/ | x_refsource_CONFIRM |
| https://gerrit.onosproject.org/#/c/14148/ | x_refsource_CONFIRM |
| https://gerrit.onosproject.org/#/c/14179/ | x_refsource_CONFIRM |
| https://gerrit.onosproject.org/#/c/14170/ | x_refsource_CONFIRM |
| https://gerrit.onosproject.org/#/c/14066/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:20.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.onosproject.org/#/c/14067/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.onosproject.org/#/c/14069/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.onosproject.org/#/c/14182/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.onosproject.org/#/c/14050/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.onosproject.org/#/c/14049/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.onosproject.org/#/c/14031/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.onosproject.org/#/c/14148/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.onosproject.org/#/c/14179/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.onosproject.org/#/c/14170/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.onosproject.org/#/c/14066/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-30T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.onosproject.org/#/c/14067/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.onosproject.org/#/c/14069/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.onosproject.org/#/c/14182/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.onosproject.org/#/c/14050/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.onosproject.org/#/c/14049/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.onosproject.org/#/c/14031/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.onosproject.org/#/c/14148/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.onosproject.org/#/c/14179/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.onosproject.org/#/c/14170/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.onosproject.org/#/c/14066/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gerrit.onosproject.org/#/c/14067/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/14067/"
},
{
"name": "https://gerrit.onosproject.org/#/c/14069/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/14069/"
},
{
"name": "https://gerrit.onosproject.org/#/c/14182/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/14182/"
},
{
"name": "https://gerrit.onosproject.org/#/c/14050/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/14050/"
},
{
"name": "https://gerrit.onosproject.org/#/c/14049/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/14049/"
},
{
"name": "https://gerrit.onosproject.org/#/c/14031/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/14031/"
},
{
"name": "https://gerrit.onosproject.org/#/c/14148/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/14148/"
},
{
"name": "https://gerrit.onosproject.org/#/c/14179/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/14179/"
},
{
"name": "https://gerrit.onosproject.org/#/c/14170/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/14170/"
},
{
"name": "https://gerrit.onosproject.org/#/c/14066/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/14066/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13762",
"datePublished": "2017-08-30T00:00:00.000Z",
"dateReserved": "2017-08-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:18:59.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7516 (GCVE-0-2015-7516)
Vulnerability from cvelistv5 – Published: 2017-08-24 20:00 – Updated: 2024-08-06 07:51
VLAI
Summary
ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://jira.onosproject.org/browse/ONOS-3349 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2015/11/26/1 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/77752 | vdb-entryx_refsource_BID |
| https://wiki.onosproject.org/display/ONOS/Securit… | x_refsource_CONFIRM |
| https://gerrit.onosproject.org/#/c/6137/ | x_refsource_MISC |
Date Public
2015-11-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.onosproject.org/browse/ONOS-3349"
},
{
"name": "[oss-security] 20151125 Re: CVE request: DoS in ONOS when handling jumbo ethernet frames",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/26/1"
},
{
"name": "77752",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77752"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.onosproject.org/display/ONOS/Security+advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gerrit.onosproject.org/#/c/6137/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-24T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.onosproject.org/browse/ONOS-3349"
},
{
"name": "[oss-security] 20151125 Re: CVE request: DoS in ONOS when handling jumbo ethernet frames",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/26/1"
},
{
"name": "77752",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77752"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.onosproject.org/display/ONOS/Security+advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gerrit.onosproject.org/#/c/6137/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.onosproject.org/browse/ONOS-3349",
"refsource": "CONFIRM",
"url": "https://jira.onosproject.org/browse/ONOS-3349"
},
{
"name": "[oss-security] 20151125 Re: CVE request: DoS in ONOS when handling jumbo ethernet frames",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/11/26/1"
},
{
"name": "77752",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77752"
},
{
"name": "https://wiki.onosproject.org/display/ONOS/Security+advisories",
"refsource": "CONFIRM",
"url": "https://wiki.onosproject.org/display/ONOS/Security+advisories"
},
{
"name": "https://gerrit.onosproject.org/#/c/6137/",
"refsource": "MISC",
"url": "https://gerrit.onosproject.org/#/c/6137/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-7516",
"datePublished": "2017-08-24T20:00:00.000Z",
"dateReserved": "2015-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:51:28.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000078 (GCVE-0-2017-1000078)
Vulnerability from cvelistv5 – Published: 2017-07-13 20:00 – Updated: 2024-08-05 21:53
VLAI
Summary
Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registration
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wiki.onosproject.org/display/ONOS/Securit… | x_refsource_CONFIRM |
Date Public
2017-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:53:06.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.onosproject.org/display/ONOS/Security+advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-05-06T00:00:00.000Z",
"datePublic": "2017-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registration"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-24T21:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.onosproject.org/display/ONOS/Security+advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-05-06T20:43:28.328668",
"ID": "CVE-2017-1000078",
"REQUESTER": "mathias.morbitzer@aisec.fraunhofer.de",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registration"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.onosproject.org/display/ONOS/Security+advisories",
"refsource": "CONFIRM",
"url": "https://wiki.onosproject.org/display/ONOS/Security+advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000078",
"datePublished": "2017-07-13T20:00:00.000Z",
"dateReserved": "2017-07-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:53:06.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000079 (GCVE-0-2017-1000079)
Vulnerability from cvelistv5 – Published: 2017-07-13 20:00 – Updated: 2024-08-05 21:53
VLAI
Summary
Linux foundation ONOS 1.9.0 is vulnerable to a DoS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wiki.onosproject.org/display/ONOS/Securit… | x_refsource_CONFIRM |
Date Public
2017-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:53:06.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.onosproject.org/display/ONOS/Security+advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-05-06T00:00:00.000Z",
"datePublic": "2017-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Linux foundation ONOS 1.9.0 is vulnerable to a DoS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-24T21:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.onosproject.org/display/ONOS/Security+advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-05-06T20:43:28.329351",
"ID": "CVE-2017-1000079",
"REQUESTER": "mathias.morbitzer@aisec.fraunhofer.de",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux foundation ONOS 1.9.0 is vulnerable to a DoS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.onosproject.org/display/ONOS/Security+advisories",
"refsource": "CONFIRM",
"url": "https://wiki.onosproject.org/display/ONOS/Security+advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000079",
"datePublished": "2017-07-13T20:00:00.000Z",
"dateReserved": "2017-07-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:53:06.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000081 (GCVE-0-2017-1000081)
Vulnerability from cvelistv5 – Published: 2017-07-13 20:00 – Updated: 2024-08-05 21:53
VLAI
Summary
Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wiki.onosproject.org/display/ONOS/Securit… | x_refsource_CONFIRM |
Date Public
2017-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:53:06.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.onosproject.org/display/ONOS/Security+advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-05-06T00:00:00.000Z",
"datePublic": "2017-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-24T21:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.onosproject.org/display/ONOS/Security+advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-05-06T20:43:28.330737",
"ID": "CVE-2017-1000081",
"REQUESTER": "mathias.morbitzer@aisec.fraunhofer.de",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.onosproject.org/display/ONOS/Security+advisories",
"refsource": "CONFIRM",
"url": "https://wiki.onosproject.org/display/ONOS/Security+advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000081",
"datePublished": "2017-07-13T20:00:00.000Z",
"dateReserved": "2017-07-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:53:06.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000080 (GCVE-0-2017-1000080)
Vulnerability from cvelistv5 – Published: 2017-07-13 20:00 – Updated: 2024-08-05 21:53
VLAI
Summary
Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wiki.onosproject.org/display/ONOS/Securit… | x_refsource_CONFIRM |
Date Public
2017-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:53:06.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.onosproject.org/display/ONOS/Security+advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-05-06T00:00:00.000Z",
"datePublic": "2017-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-24T21:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.onosproject.org/display/ONOS/Security+advisories"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-05-06T20:43:28.330025",
"ID": "CVE-2017-1000080",
"REQUESTER": "mathias.morbitzer@aisec.fraunhofer.de",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.onosproject.org/display/ONOS/Security+advisories",
"refsource": "CONFIRM",
"url": "https://wiki.onosproject.org/display/ONOS/Security+advisories"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000080",
"datePublished": "2017-07-13T20:00:00.000Z",
"dateReserved": "2017-07-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:53:06.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}