Vulnerabilities > Envoyproxy > Envoy > 1.12.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-15 | CVE-2020-35470 | Unspecified vulnerability in Envoyproxy Envoy Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. low complexity envoyproxy | 8.8 |
| 2020-10-01 | CVE-2020-25017 | Unspecified vulnerability in Envoyproxy Envoy Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. | 8.3 |
| 2020-07-14 | CVE-2020-15104 | Origin Validation Error vulnerability in Envoyproxy Envoy In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. | 5.4 |
| 2020-04-15 | CVE-2020-11767 | Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. | 3.1 |