Onosproject: Security Vulnerabilities
ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).
CVSS Score
7.5
EPSS Score
0.013
Published
2017-08-24
Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registration
CVSS Score
6.1
EPSS Score
0.003
Published
2017-07-17
Linux foundation ONOS 1.9.0 is vulnerable to a DoS.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-07-17
Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-07-17
Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.
CVSS Score
9.8
EPSS Score
0.088
Published
2017-07-17
Page 2