Vulnerabilities (CVE)

Filtered by vendor Linuxfoundation Subscribe
Filtered by product Open Network Operating System
Total 11 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-16302 1 Linuxfoundation 1 Open Network Operating System 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the Ethernet VPN application (org.onosproject.evpnopenflow), the host event listener does not handle the following event types: HOST_MOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.
CVE-2019-16301 1 Linuxfoundation 1 Open Network Operating System 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual tenant network application (org.onosproject.vtn), the host event listener does not handle the following event types: HOST_MOVED. In combination with other applications, this could lead to the absence of intended code execution.
CVE-2019-16300 1 Linuxfoundation 1 Open Network Operating System 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the access control application (org.onosproject.acl), the host event listener does not handle the following event types: HOST_REMOVED. In combination with other applications, this could lead to the absence of intended code execution.
CVE-2019-16299 1 Linuxfoundation 1 Open Network Operating System 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the mobility application (org.onosproject.mobility), the host event listener does not handle the following event types: HOST_ADDED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.
CVE-2019-16298 1 Linuxfoundation 1 Open Network Operating System 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.
CVE-2019-16297 1 Linuxfoundation 1 Open Network Operating System 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application (org.onosproject.p4tutorial), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.
CVE-2019-1010252 1 Linuxfoundation 1 Open Network Operating System 2024-11-21 5.5 MEDIUM 4.9 MEDIUM
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is: network management and connectivity.
CVE-2019-1010250 1 Linuxfoundation 1 Open Network Operating System 2024-11-21 5.5 MEDIUM 4.9 MEDIUM
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity.
CVE-2019-1010249 1 Linuxfoundation 1 Open Network Operating System 2024-11-21 5.5 MEDIUM 4.9 MEDIUM
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity.
CVE-2019-1010245 1 Linuxfoundation 1 Open Network Operating System 2024-11-21 7.5 HIGH 9.8 CRITICAL
The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A remote attacker can execute arbitrary commands on the controller. The component is: apps/yang/src/main/java/org/onosproject/yang/impl/YangLiveCompilerManager.java. The attack vector is: network connectivity. The fixed version is: 1.15.
CVE-2019-1010234 1 Linuxfoundation 1 Open Network Operating System 2024-11-21 7.5 HIGH 9.8 CRITICAL
The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely execute any commands by sending malicious http request to the controller. The component is: Method runJavaCompiler in YangLiveCompilerManager.java. The attack vector is: network connectivity.