projectfloodlight CVE Vulnerabilities & Metrics

Focus on projectfloodlight vulnerabilities and metrics.

Last updated: 27 Apr 2025, 22:25 UTC

About projectfloodlight Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with projectfloodlight. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total projectfloodlight CVEs: 5
Earliest CVE date: 18 Apr 2018, 19:29 UTC
Latest CVE date: 06 Feb 2025, 20:15 UTC

Latest CVE reference: CVE-2024-57673

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical projectfloodlight CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.42

Max CVSS: 7.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	2
7.0-8.9	1
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS projectfloodlight CVEs

These are the five CVEs with the highest CVSS scores for projectfloodlight, sorted by severity first and recency.

CVE-2013-7333 projectfloodlight Published on 23 Oct 2019, 17:15 UTC (CVSS: 7.8)
A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access to all devices connected to the targeted switch.
CVE-2014-2304 projectfloodlight Published on 23 Oct 2019, 18:15 UTC (CVSS: 5.0)
A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURES_REPLY messages cause the controller service to not delete switch and port data from its internal tracking structures.
CVE-2018-1000163 projectfloodlight Published on 18 Apr 2018, 19:29 UTC (CVSS: 4.3)
Floodlight version 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web console that can result in javascript injections into the web page. This attack appears to be exploitable via the victim browsing the web console.
CVE-2024-57673 projectfloodlight Published on 06 Feb 2025, 20:15 UTC (CVSS: 0)
An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module
CVE-2024-57672 projectfloodlight Published on 06 Feb 2025, 20:15 UTC (CVSS: 0)
An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, Topologylnstance module, Routing module.

All CVEs for projectfloodlight

CVE-2024-57673 projectfloodlight vulnerability CVSS: 0 06 Feb 2025, 20:15 UTC

An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module

CVE-2024-57672 projectfloodlight vulnerability CVSS: 0 06 Feb 2025, 20:15 UTC

An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, Topologylnstance module, Routing module.

CVE-2014-2304 projectfloodlight vulnerability CVSS: 5.0 23 Oct 2019, 18:15 UTC

A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURES_REPLY messages cause the controller service to not delete switch and port data from its internal tracking structures.

CVE-2013-7333 projectfloodlight vulnerability CVSS: 7.8 23 Oct 2019, 17:15 UTC

A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access to all devices connected to the targeted switch.

CVE-2018-1000163 projectfloodlight vulnerability CVSS: 4.3 18 Apr 2018, 19:29 UTC

Floodlight version 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web console that can result in javascript injections into the web page. This attack appears to be exploitable via the victim browsing the web console.