Linux Foundation Open Network Operating System
By the Year
In 2024 there have been 0 vulnerabilities in Linux Foundation Open Network Operating System . Open Network Operating System did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 6 | 7.50 |
| 2019 | 5 | 6.86 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Open Network Operating System vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Linux Foundation Open Network Operating System Security Vulnerabilities
An issue was discovered in Open Network Operating System (ONOS) 1.14
CVE-2019-16297
7.5 - High
- February 20, 2020
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application (org.onosproject.p4tutorial), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.
Improper Handling of Exceptional Conditions
An issue was discovered in Open Network Operating System (ONOS) 1.14
CVE-2019-16298
7.5 - High
- February 20, 2020
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.
Improper Handling of Exceptional Conditions
An issue was discovered in Open Network Operating System (ONOS) 1.14
CVE-2019-16299
7.5 - High
- February 20, 2020
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the mobility application (org.onosproject.mobility), the host event listener does not handle the following event types: HOST_ADDED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.
Improper Handling of Exceptional Conditions
An issue was discovered in Open Network Operating System (ONOS) 1.14
CVE-2019-16300
7.5 - High
- February 20, 2020
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the access control application (org.onosproject.acl), the host event listener does not handle the following event types: HOST_REMOVED. In combination with other applications, this could lead to the absence of intended code execution.
Improper Handling of Exceptional Conditions
An issue was discovered in Open Network Operating System (ONOS) 1.14
CVE-2019-16301
7.5 - High
- February 20, 2020
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual tenant network application (org.onosproject.vtn), the host event listener does not handle the following event types: HOST_MOVED. In combination with other applications, this could lead to the absence of intended code execution.
Improper Handling of Exceptional Conditions
An issue was discovered in Open Network Operating System (ONOS) 1.14
CVE-2019-16302
7.5 - High
- February 20, 2020
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the Ethernet VPN application (org.onosproject.evpnopenflow), the host event listener does not handle the following event types: HOST_MOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.
Improper Handling of Exceptional Conditions
The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation
CVE-2019-1010234
9.8 - Critical
- July 22, 2019
The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely execute any commands by sending malicious http request to the controller. The component is: Method runJavaCompiler in YangLiveCompilerManager.java. The attack vector is: network connectivity.
Improper Input Validation
The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation
CVE-2019-1010245
9.8 - Critical
- July 19, 2019
The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A remote attacker can execute arbitrary commands on the controller. The component is: apps/yang/src/main/java/org/onosproject/yang/impl/YangLiveCompilerManager.java. The attack vector is: network connectivity. The fixed version is: 1.15.
Improper Input Validation
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow
CVE-2019-1010249
4.9 - Medium
- July 18, 2019
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity.
Integer Overflow or Wraparound
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation
CVE-2019-1010250
4.9 - Medium
- July 18, 2019
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity.
Improper Input Validation
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation
CVE-2019-1010252
4.9 - Medium
- July 18, 2019
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java. The attack vector is: network management and connectivity.
Improper Input Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Linux Foundation Open Network Operating System or by Linux Foundation? Click the Watch button to subscribe.
