VYPR
Vendor

floodlight

Products
1
CVEs
13
Across products
13
Status
Private

Products

1

Recent CVEs

13
  • CVE-2020-18685CriSep 30, 2021
    risk 0.64cvss 9.8epss 0.01

    Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs.

  • CVE-2020-18684CriSep 30, 2021
    risk 0.64cvss 9.8epss 0.01

    Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number.

  • CVE-2020-18683CriSep 30, 2021
    risk 0.64cvss 9.8epss 0.01

    Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling.

  • CVE-2014-2304HigOct 23, 2019
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed…

  • CVE-2013-7333HigOct 23, 2019
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access…

  • CVE-2018-1000617HigJul 9, 2018
    risk 0.49cvss 7.5epss 0.02

    Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in Forwarding module that can result in Improper type cast in Forwarding module allows remote attackers to cause a DoS(thread crash).. This attack…

  • CVE-2024-29461MedApr 12, 2024
    risk 0.41cvss 6.3epss 0.01

    An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component.

  • CVE-2024-51407MedNov 1, 2024
    risk 0.40cvss 6.2epss 0.00

    Floodlight SDN OpenFlow Controller v.1.2 has an issue that allows local hosts to construct false broadcast ports causing inter-host communication anomalies.

  • CVE-2024-51406MedNov 1, 2024
    risk 0.40cvss 6.2epss 0.00

    Floodlight SDN Open Flow Controller v.1.2 has an issue that allows local hosts to build fake LLDP packets that allow specific clusters to be missed by Floodlight, which in turn leads to missed hosts inside and outside the cluster.

  • CVE-2018-1000163MedApr 18, 2018
    risk 0.40cvss 6.1epss 0.01

    Floodlight version 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web console that can result in javascript injections into the web page. This attack appears to be exploitable via the victim browsing the web console.

  • CVE-2024-57673MedFeb 6, 2025
    risk 0.36cvss 5.5epss 0.00

    An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module

  • CVE-2024-57672MedFeb 6, 2025
    risk 0.36cvss 5.5epss 0.00

    An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, Topologylnstance module, Routing module.

  • CVE-2015-6569MedFeb 21, 2018
    risk 0.32cvss 5.9epss 0.02

    Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state manipulation attack.