floodlight (atlassian) — Vulnerabilities

Signals

Monitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real timeMonitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real time

Vendors · atlassian · floodlight

floodlight

· 3 Criticalatlassian · 4 known vulnerabilities

Total

Critical

High

Medium

CISA KEV

CVE-2020-18685CRITICAL 9.8

Sep 29, 2021

Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs.

CVE-2020-18684CRITICAL 9.8

Sep 29, 2021

Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number.

CVE-2020-18683CRITICAL 9.8

Sep 29, 2021

Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling.

CVE-2015-6569

Feb 21, 2018

Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state manipulation attack.

All atlassian products All Vendors CVE Database KEV Catalog