Vulnerabilities > Envoyproxy > Envoy > 1.6.0

DATE CVE VULNERABILITY TITLE RISK
2020-10-01 CVE-2020-25017 Unspecified vulnerability in Envoyproxy Envoy
Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers.
network
low complexity
envoyproxy
8.3
8.3
2020-07-14 CVE-2020-15104 Origin Validation Error vulnerability in Envoyproxy Envoy
In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains.
network
low complexity
envoyproxy CWE-346
5.4
5.4
2020-07-01 CVE-2020-8663 Resource Exhaustion vulnerability in Envoyproxy Envoy
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.
network
low complexity
envoyproxy CWE-400
7.5
7.5
2020-07-01 CVE-2020-12605 Allocation of Resources Without Limits or Throttling vulnerability in Envoyproxy Envoy
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs.
network
low complexity
envoyproxy CWE-770
7.5
7.5
2020-07-01 CVE-2020-12604 Memory Leak vulnerability in Envoyproxy Envoy
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream.
network
low complexity
envoyproxy CWE-401
7.5
7.5
2020-07-01 CVE-2020-12603 Resource Exhaustion vulnerability in Envoyproxy Envoy
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e.
network
low complexity
envoyproxy CWE-400
7.5
7.5
2020-04-15 CVE-2020-11767 Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue.
network
high complexity
istio envoyproxy
3.1
3.1
2020-03-04 CVE-2020-8660 Insufficient Verification of Data Authenticity vulnerability in Envoyproxy Envoy
CNCF Envoy through 1.13.0 TLS inspector bypass.
network
low complexity
envoyproxy CWE-345
5.3
5.3
2019-12-13 CVE-2019-18838 NULL Pointer Dereference vulnerability in Envoyproxy Envoy
An issue was discovered in Envoy 1.12.0.
network
low complexity
envoyproxy CWE-476
7.5
7.5
2019-12-13 CVE-2019-18802 Unspecified vulnerability in Envoyproxy Envoy
An issue was discovered in Envoy 1.12.0.
network
low complexity
envoyproxy
critical
 9.8
9.8