本頁列出影響 linuxfoundation open_network_operating_system 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2019-16302 | An issue was discovered in Open Network Operating System (ONOS) 1.14. In the Ethernet VPN application (org.onosproject.evpnopenflow), the host event listener does not handle the following event types: HOST_MOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | [email protected] | 7.5 | 0.61% | 2020-02-20 | 2024-11-21 |
| CVE-2019-16301 | An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual tenant network application (org.onosproject.vtn), the host event listener does not handle the following event types: HOST_MOVED. In combination with other applications, this could lead to the absence of intended code execution. | [email protected] | 7.5 | 0.61% | 2020-02-20 | 2024-11-21 |
| CVE-2019-16300 | An issue was discovered in Open Network Operating System (ONOS) 1.14. In the access control application (org.onosproject.acl), the host event listener does not handle the following event types: HOST_REMOVED. In combination with other applications, this could lead to the absence of intended code execution. | [email protected] | 7.5 | 0.61% | 2020-02-20 | 2024-11-21 |
| CVE-2019-16299 | An issue was discovered in Open Network Operating System (ONOS) 1.14. In the mobility application (org.onosproject.mobility), the host event listener does not handle the following event types: HOST_ADDED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | [email protected] | 7.5 | 0.61% | 2020-02-20 | 2024-11-21 |
| CVE-2019-16298 | An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | [email protected] | 7.5 | 0.61% | 2020-02-20 | 2024-11-21 |
| CVE-2019-16297 | An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application (org.onosproject.p4tutorial), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | [email protected] | 7.5 | 0.61% | 2020-02-20 | 2024-11-21 |
| CVE-2019-1010234 | The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely execute any commands by sending malicious http request to the controller. The component is: Method runJavaCompiler in YangLiveCompilerManager.java. The attack vector is: network connectivity. | [email protected] | 9.8 | 0.43% | 2019-07-22 | 2024-11-21 |
| CVE-2019-1010245 | The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A remote attacker can execute arbitrary commands on the controller. The component is: apps/yang/src/main/java/org/onosproject/yang/impl/YangLiveCompilerManager.java. The attack vector is: network connectivity. The fixed version is: 1.15. | [email protected] | 9.8 | 3.37% | 2019-07-19 | 2024-11-21 |
| CVE-2019-1010252 | The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is: network management and connectivity. | [email protected] | 4.9 | 0.18% | 2019-07-18 | 2024-11-21 |
| CVE-2019-1010250 | The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity. | [email protected] | 4.9 | 0.17% | 2019-07-18 | 2024-11-21 |
| CVE-2019-1010249 | The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity. | [email protected] | 4.9 | 0.17% | 2019-07-18 | 2024-11-21 |