floodlight
Products
1- 13 CVEs
Recent CVEs
13| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-18685 | Cri | 0.64 | 9.8 | 0.01 | Sep 30, 2021 | Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs. | ||
| CVE-2020-18684 | Cri | 0.64 | 9.8 | 0.01 | Sep 30, 2021 | Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number. | ||
| CVE-2020-18683 | Cri | 0.64 | 9.8 | 0.01 | Sep 30, 2021 | Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling. | ||
| CVE-2014-2304 | Hig | 0.49 | 7.5 | 0.01 | Oct 23, 2019 | A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed… | ||
| CVE-2013-7333 | Hig | 0.49 | 7.5 | 0.01 | Oct 23, 2019 | A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access… | ||
| CVE-2018-1000617 | Hig | 0.49 | 7.5 | 0.02 | Jul 9, 2018 | Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in Forwarding module that can result in Improper type cast in Forwarding module allows remote attackers to cause a DoS(thread crash).. This attack… | ||
| CVE-2024-29461 | Med | 0.41 | 6.3 | 0.01 | Apr 12, 2024 | An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component. | ||
| CVE-2024-51407 | Med | 0.40 | 6.2 | 0.00 | Nov 1, 2024 | Floodlight SDN OpenFlow Controller v.1.2 has an issue that allows local hosts to construct false broadcast ports causing inter-host communication anomalies. | ||
| CVE-2024-51406 | Med | 0.40 | 6.2 | 0.00 | Nov 1, 2024 | Floodlight SDN Open Flow Controller v.1.2 has an issue that allows local hosts to build fake LLDP packets that allow specific clusters to be missed by Floodlight, which in turn leads to missed hosts inside and outside the cluster. | ||
| CVE-2018-1000163 | Med | 0.40 | 6.1 | 0.01 | Apr 18, 2018 | Floodlight version 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web console that can result in javascript injections into the web page. This attack appears to be exploitable via the victim browsing the web console. | ||
| CVE-2024-57673 | Med | 0.36 | 5.5 | 0.00 | Feb 6, 2025 | An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module | ||
| CVE-2024-57672 | Med | 0.36 | 5.5 | 0.00 | Feb 6, 2025 | An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, Topologylnstance module, Routing module. | ||
| CVE-2015-6569 | Med | 0.32 | 5.9 | 0.02 | Feb 21, 2018 | Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state manipulation attack. |
- risk 0.64cvss 9.8epss 0.01
Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs.
- risk 0.64cvss 9.8epss 0.01
Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number.
- risk 0.64cvss 9.8epss 0.01
Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling.
- risk 0.49cvss 7.5epss 0.01
A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed…
- risk 0.49cvss 7.5epss 0.01
A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access…
- risk 0.49cvss 7.5epss 0.02
Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in Forwarding module that can result in Improper type cast in Forwarding module allows remote attackers to cause a DoS(thread crash).. This attack…
- risk 0.41cvss 6.3epss 0.01
An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component.
- risk 0.40cvss 6.2epss 0.00
Floodlight SDN OpenFlow Controller v.1.2 has an issue that allows local hosts to construct false broadcast ports causing inter-host communication anomalies.
- risk 0.40cvss 6.2epss 0.00
Floodlight SDN Open Flow Controller v.1.2 has an issue that allows local hosts to build fake LLDP packets that allow specific clusters to be missed by Floodlight, which in turn leads to missed hosts inside and outside the cluster.
- risk 0.40cvss 6.1epss 0.01
Floodlight version 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web console that can result in javascript injections into the web page. This attack appears to be exploitable via the victim browsing the web console.
- risk 0.36cvss 5.5epss 0.00
An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module
- risk 0.36cvss 5.5epss 0.00
An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, Topologylnstance module, Routing module.
- risk 0.32cvss 5.9epss 0.02
Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state manipulation attack.