彙總 onosproject 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 跨站腳本、XXE、緩衝區溢位與記憶體損壞,在 生產負載與軟體部署 使用場景中可能帶來 工作階段劫持、應用程式崩潰與記憶體損壞 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2024-34050 | Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64(b[2])<<16 | uint64(b[1])<<8 | uint64(b[0])" in reader.go. | [email protected] | 7.5 | 0.55% | 2024-04-29 | 2026-06-17 |
| CVE-2024-34049 | Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return plmnIdString[0:3], plmnIdString[3:]" in reader.go. | [email protected] | 7.5 | 0.55% | 2024-04-29 | 2026-06-17 |
| CVE-2023-30093 | A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard. | [email protected] | 6.1 | 0.49% | 2023-05-04 | 2026-06-17 |
| CVE-2019-13624 | In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command. | [email protected] | 9.8 | 1.91% | 2019-07-16 | 2026-06-16 |
| CVE-2018-1000616 | ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenConfig Terminal Device.. This attack appear to be exploitable via network connectivity. | [email protected] | 9.8 | 1.41% | 2018-07-09 | 2026-06-16 |
| CVE-2018-1000615 | ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. This attack appear to be exploitable via the attacker should be able to control or forge a switch in the network.. | [email protected] | 7.5 | 1.16% | 2018-07-09 | 2026-06-16 |
| CVE-2018-1000614 | ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller without authentication.. This attack appear to be exploitable via crafted protocol message. | [email protected] | 9.8 | 1.57% | 2018-07-09 | 2026-06-16 |
| CVE-2018-12691 | Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection. | [email protected] | 6.8 | 0.70% | 2018-07-05 | 2026-06-16 |
| CVE-2017-13763 | ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited. | [email protected] | 7.5 | 1.06% | 2017-08-29 | 2026-06-16 |
| CVE-2017-13762 | ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS. | [email protected] | 6.1 | 1.16% | 2017-08-29 | 2026-06-16 |
| CVE-2015-7516 | ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870). | [email protected] | 7.5 | 3.69% | 2017-08-24 | 2026-06-16 |
| CVE-2017-1000081 | Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. | [email protected] | 9.8 | 2.99% | 2017-07-17 | 2026-06-16 |
| CVE-2017-1000080 | Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets. | [email protected] | 7.5 | 1.05% | 2017-07-17 | 2026-06-16 |
| CVE-2017-1000079 | Linux foundation ONOS 1.9.0 is vulnerable to a DoS. | [email protected] | 7.5 | 1.30% | 2017-07-17 | 2026-06-16 |
| CVE-2017-1000078 | Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registration | [email protected] | 6.1 | 0.73% | 2017-07-17 | 2026-06-16 |