cbcvebase.

Linuxfoundation Open Network Operating System vulnerabilities

11 known vulnerabilities affecting linuxfoundation/open_network_operating_system.

Total CVEs
11
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH6MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2019-1010245P2CRITICALCVSS 9.8≤ 1.152019-07-19
CVE-2019-1010245 [CRITICAL] CWE-20 CVE-2019-1010245: The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Va The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A remote attacker can execute arbitrary commands on the controller. The component is: apps/yang/src/main/java/org/onosproject/yang/impl/YangLiveCompilerManager.java. The attack vector is: network connectivity. The fixed v
nvd
CVE-2019-1010234P3CRITICALCVSS 9.8≤ 1.15.02019-07-22
CVE-2019-1010234 [CRITICAL] CWE-20 CVE-2019-1010234: The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely execute any commands by sending malicious http request to the controller. The component is: Method runJavaCompiler in YangLiveCompilerManager.java. The attack vector is: network connectivity.
nvd
CVE-2019-16300P3HIGHCVSS 7.5v1.14.02020-02-20
CVE-2019-16300 [HIGH] CWE-755 CVE-2019-16300: An issue was discovered in Open Network Operating System (ONOS) 1.14. In the access control applicat An issue was discovered in Open Network Operating System (ONOS) 1.14. In the access control application (org.onosproject.acl), the host event listener does not handle the following event types: HOST_REMOVED. In combination with other applications, this could lead to the absence of intended code execution.
nvd
CVE-2019-16298P3HIGHCVSS 7.5v1.14.02020-02-20
CVE-2019-16298 [HIGH] CWE-755 CVE-2019-16298: An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband netwo An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execu
nvd
CVE-2019-16301P3HIGHCVSS 7.5v1.14.02020-02-20
CVE-2019-16301 [HIGH] CWE-755 CVE-2019-16301: An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual tenant network An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual tenant network application (org.onosproject.vtn), the host event listener does not handle the following event types: HOST_MOVED. In combination with other applications, this could lead to the absence of intended code execution.
nvd
CVE-2019-16302P3HIGHCVSS 7.5v1.14.02020-02-20
CVE-2019-16302 [HIGH] CWE-755 CVE-2019-16302: An issue was discovered in Open Network Operating System (ONOS) 1.14. In the Ethernet VPN applicatio An issue was discovered in Open Network Operating System (ONOS) 1.14. In the Ethernet VPN application (org.onosproject.evpnopenflow), the host event listener does not handle the following event types: HOST_MOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.
nvd
CVE-2019-16299P3HIGHCVSS 7.5v1.14.02020-02-20
CVE-2019-16299 [HIGH] CWE-755 CVE-2019-16299: An issue was discovered in Open Network Operating System (ONOS) 1.14. In the mobility application (o An issue was discovered in Open Network Operating System (ONOS) 1.14. In the mobility application (org.onosproject.mobility), the host event listener does not handle the following event types: HOST_ADDED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.
nvd
CVE-2019-16297P3HIGHCVSS 7.5v1.14.02020-02-20
CVE-2019-16297 [HIGH] CWE-755 CVE-2019-16297: An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application (org.onosproject.p4tutorial), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.
nvd
CVE-2019-1010250P4MEDIUMCVSS 4.9≤ 2.0.02019-07-18
CVE-2019-1010250 [MEDIUM] CWE-20 CVE-2019-1010250: The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connec
nvd
CVE-2019-1010249P4MEDIUMCVSS 4.9≤ 2.0.02019-07-18
CVE-2019-1010249 [MEDIUM] CWE-190 CVE-2019-1010249: The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A netwo The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectiv
nvd
CVE-2019-1010252P4MEDIUMCVSS 4.9≤ 2.0.02019-07-18
CVE-2019-1010252 [MEDIUM] CWE-20 CVE-2019-1010252: The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is: network management and connectivity.
nvd
Linuxfoundation Open Network Operating System vulnerabilities | cvebase