Vulnerabilities > Envoyproxy

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2021-05-20 | CVE-2021-28683 | NULL Pointer Dereference vulnerability in Envoyproxy Envoy 1.16.2/1.17.1 | An issue was discovered in Envoy through 1.71.1. | network, low complexity, envoyproxy, CWE-476, 7.5 |
| 2021-05-20 | CVE-2021-29258 | Reachable Assertion vulnerability in Envoyproxy Envoy | An issue was discovered in Envoy 1.14.0. | network, low complexity, envoyproxy, CWE-617, 7.5 |
| 2021-03-11 | CVE-2021-21378 | Improper Authentication vulnerability in Envoyproxy Envoy 1.17.0 | Envoy is a cloud-native high-performance edge/middle/service proxy. | network, low complexity, envoyproxy, CWE-287, 8.2 |
| 2020-12-15 | CVE-2020-35471 | Unspecified vulnerability in Envoyproxy Envoy | Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500. | network, low complexity, envoyproxy, 7.5 |
| 2020-12-15 | CVE-2020-35470 | Unspecified vulnerability in Envoyproxy Envoy | Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. | low complexity, envoyproxy, 8.8 |
| 2020-10-01 | CVE-2020-25018 | Unspecified vulnerability in Envoyproxy Envoy 2D69E30 | Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization. | network, low complexity, envoyproxy, 7.5 |
| 2020-10-01 | CVE-2020-25017 | Unspecified vulnerability in Envoyproxy Envoy | Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. | network, low complexity, envoyproxy, 8.3 |
| 2020-07-14 | CVE-2020-15104 | Origin Validation Error vulnerability in Envoyproxy Envoy | In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name to apply to multiple subdomains. | network, low complexity, envoyproxy, CWE-346, 5.4 |
| 2020-07-01 | CVE-2020-8663 | Resource Exhaustion vulnerability in Envoyproxy Envoy | Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections. | network, low complexity, envoyproxy, CWE-400, 7.5 |
| 2020-07-01 | CVE-2020-12605 | Allocation of Resources Without Limits or Throttling vulnerability in Envoyproxy Envoy | Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs. | network, low complexity, envoyproxy, CWE-770, 7.5 |