Analyzed
4 months
ago.
based on code collected
5 months
ago.
Major Versions
click and drag to zoom
Security Vulnerabilities for Version:
Severities:
Type
|
Identifier
|
Related Record |
Severity
|
Date Published
|
Description | Versions Affected |
|---|---|---|---|---|---|
| CVE-2020-18685 | Critical | Sep 30, 2021 | Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP o more... |
v1.2, v0.91, v1.1, v1.0, v0.90, v0.85, v0.82, v0.8
|
|
| CVE-2020-18684 | BDSA-2021-3561 | Critical | Sep 30, 2021 | Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number. |
v1.2, v0.91, v1.1, v1.0, v0.90, v0.85, v0.82, v0.8
|
| CVE-2020-18683 | Critical | Sep 30, 2021 | Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling. |
v1.2, v0.91, v1.1, v1.0, v0.90, v0.85, v0.82, v0.8
|
|
| CVE-2018-1000617 | High | Jul 09, 2018 | Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in Forwarding module t more... |
v1.2, v0.91, v1.1, v1.0, v0.90, v0.85, v0.82, v0.8
|
|
| CVE-2018-1000163 | Medium | Apr 18, 2018 | Floodlight version 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web console that can result in javascript injections into more... |
v1.2, v0.91, v1.1, v1.0, v0.90, v0.85, v0.82, v0.8
|
|
| BDSA-2024-8046 | Medium | Nov 04, 2024 | Floodlight SDN OpenFlow Controller has an issue that allows local hosts to construct false broadcast ports causing inter-host communication anomalies. more... | ||
| BDSA-2024-8044 | Medium | Nov 04, 2024 | Floodlight SDN Open Flow Controller has an issue that allows local hosts to build fake LLDP packets that allow specific clusters to be missed by Floodl more... | ||
| BDSA-2024-1293 | Medium | Apr 16, 2024 | An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component. **Note: CVE more... |
