Floodlight
by floodlight
Source repositories
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-57672 | 0.00 | — | 0.00 | Feb 6, 2025 | An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, Topologylnstance module, Routing module. | |||
| CVE-2024-57673 | 0.00 | — | 0.00 | Feb 6, 2025 | An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module | |||
| CVE-2024-51407 | 0.00 | — | 0.00 | Nov 1, 2024 | Floodlight SDN OpenFlow Controller v.1.2 has an issue that allows local hosts to construct false broadcast ports causing inter-host communication anomalies. | |||
| CVE-2024-51406 | 0.00 | — | 0.00 | Nov 1, 2024 | Floodlight SDN Open Flow Controller v.1.2 has an issue that allows local hosts to build fake LLDP packets that allow specific clusters to be missed by Floodlight, which in turn leads to missed hosts inside and outside the cluster. | |||
| CVE-2024-29461 | 0.00 | — | 0.00 | Apr 12, 2024 | An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component. | |||
| CVE-2020-18683 | 0.00 | — | 0.00 | Sep 30, 2021 | Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling. | |||
| CVE-2020-18685 | 0.00 | — | 0.00 | Sep 30, 2021 | Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs. | |||
| CVE-2020-18684 | 0.00 | — | 0.00 | Sep 30, 2021 | Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number. | |||
| CVE-2014-2304 | 0.00 | — | 0.00 | Oct 23, 2019 | A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed… | |||
| CVE-2013-7333 | 0.00 | — | 0.00 | Oct 23, 2019 | A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access… | |||
| CVE-2018-1000617 | 0.00 | — | 0.01 | Jul 9, 2018 | Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in Forwarding module that can result in Improper type cast in Forwarding module allows remote attackers to cause a DoS(thread crash).. This attack… | |||
| CVE-2018-1000163 | 0.00 | — | 0.00 | Apr 18, 2018 | Floodlight version 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web console that can result in javascript injections into the web page. This attack appears to be exploitable via the victim browsing the web console. | |||
| CVE-2015-6569 | 0.00 | — | 0.01 | Feb 21, 2018 | Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state manipulation attack. |
- CVE-2024-57672Feb 6, 2025risk 0.00cvss —epss 0.00
An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, Topologylnstance module, Routing module.
- CVE-2024-57673Feb 6, 2025risk 0.00cvss —epss 0.00
An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module
- CVE-2024-51407Nov 1, 2024risk 0.00cvss —epss 0.00
Floodlight SDN OpenFlow Controller v.1.2 has an issue that allows local hosts to construct false broadcast ports causing inter-host communication anomalies.
- CVE-2024-51406Nov 1, 2024risk 0.00cvss —epss 0.00
Floodlight SDN Open Flow Controller v.1.2 has an issue that allows local hosts to build fake LLDP packets that allow specific clusters to be missed by Floodlight, which in turn leads to missed hosts inside and outside the cluster.
- CVE-2024-29461Apr 12, 2024risk 0.00cvss —epss 0.00
An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component.
- CVE-2020-18683Sep 30, 2021risk 0.00cvss —epss 0.00
Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling.
- CVE-2020-18685Sep 30, 2021risk 0.00cvss —epss 0.00
Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs.
- CVE-2020-18684Sep 30, 2021risk 0.00cvss —epss 0.00
Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number.
- CVE-2014-2304Oct 23, 2019risk 0.00cvss —epss 0.00
A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed…
- CVE-2013-7333Oct 23, 2019risk 0.00cvss —epss 0.00
A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access…
- CVE-2018-1000617Jul 9, 2018risk 0.00cvss —epss 0.01
Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in Forwarding module that can result in Improper type cast in Forwarding module allows remote attackers to cause a DoS(thread crash).. This attack…
- CVE-2018-1000163Apr 18, 2018risk 0.00cvss —epss 0.00
Floodlight version 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web console that can result in javascript injections into the web page. This attack appears to be exploitable via the victim browsing the web console.
- CVE-2015-6569Feb 21, 2018risk 0.00cvss —epss 0.01
Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state manipulation attack.