CRITICAL🇬🇧 English

CVE-2017-1000081

CVSS 9.8v3.1pub. 2017-07-17upd. 2026-05-13

Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Onosproject Onos

    APP
    Onosproject
    1.8.01.9.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2019-13624CRITICAL9.8ten sam produkt

In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote...

CVE-2018-1000616CRITICAL9.8ten sam produkt

ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\dri...

CVE-2018-1000614CRITICAL9.8ten sam produkt

ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in provider...

CVE-2018-1000615HIGH7.5ten sam produkt

ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in ...

CVE-2017-13763HIGH7.5ten sam produkt

ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size ...