Every CVE whose affected-product data names Onosproject Onos, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2018-1000616 — CVSS 9.8 (critical): ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\o…
CVE-2019-13624 — CVSS 9.8 (critical): In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings…
CVE-2018-1000614 — CVSS 9.8 (critical): ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/…
CVE-2017-1000081 — CVSS 9.8 (critical): Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.
CVE-2018-1000615 — CVSS 7.5 (high): ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that…
CVE-2015-7516 — CVSS 7.5 (high): ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch…
CVE-2017-13763 — CVSS 7.5 (high): ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited.
CVE-2018-12691 — CVSS 6.8 (medium): Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier…
CVE-2023-30093 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute…