Product
opennetworking onos
33 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2024-53423
CVE-2023-41591
CVE-2025-29312
CVE-2025-29311
CVE-2025-29310
CVE-2024-48809
CVE-2023-30093
CVE-2022-29944
CVE-2022-29609
CVE-2022-29608
CVE-2022-29607
CVE-2022-29606
CVE-2022-29605
CVE-2022-29604
CVE-2022-24109
CVE-2022-24035
CVE-2021-38364
CVE-2021-38363
CVE-2023-24279
CVE-2019-11189
CVE-2019-13624
CVE-2018-1999020
CVE-2018-1000616
CVE-2018-1000615
CVE-2018-1000614
CVE-2018-12691
CVE-2017-13763
CVE-2017-13762
CVE-2015-7516
CVE-2017-1000081
CVE-2017-1000080
CVE-2017-1000079
CVE-2017-1000078
all versions
An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets.
all versions
An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-
all versions
An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via changing
all versions
Limited secret space in LLDP packets used in onos v2.7.0 allows attackers to obtain the private key via a bruteforce attack. Attac
all versions
An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vu
all versions
An issue in Open Networking Foundations sdran-in-a-box v.1.4.3 and onos-a1t v.0.2.3 allows a remote attacker to cause a denial of
>= 1.9.0 and <= 2.7.0
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to ex
all versions
An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of paths installed by intents. An existing intents does no
all versions
An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the INSTALLING state, indicating that
all versions
An issue was discovered in ONOS 2.5.1. An intent with a port that is an intermediate point of its path installs an invalid flow ru
all versions
An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source and destination shows the INSTAL
all versions
An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a networ
all versions
An issue was discovered in ONOS 2.5.1. IntentManager attempts to install the IPv6 flow rules of an intent into an OpenFlow 1.0 swi
all versions
An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is mislead
all versions
An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote attacker can install a duplicate i
all versions
An issue was discovered in ONOS 2.5.1. The purge-requested intent remains on the list, but it does not respond to changes in topol
all versions
An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of flow rules installed by intents. A remote attacker can
all versions
An issue was discovered in ONOS 2.5.1. In IntentManager, the install-requested intent (which causes an exception) remains in pendi
>= 1.9.0 and <= 2.7.0
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to ex
<= 2.0.0
Authentication Bypass by Spoofing in org.onosproject.acl (access control) and org.onosproject.mobility (host mobility) in ONOS v2.
all versions
In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within s
<= 1.13.2
Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier version contains a Directory Traversal vulnerability in core/comm
<= 1.13.1
ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\m
<= 1.13.1
ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in O
<= 1.13.1
ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/
<= 1.13.0
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and
all versions
ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited.
all versions
ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS.
<= 1.4.0
ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switc
all versions
Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.
all versions
Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets.
all versions
Linux foundation ONOS 1.9.0 is vulnerable to a DoS.
all versions
Linux foundation ONOS 1.9 is vulnerable to XSS in the device registration.