Vulnerabilities > Envoyproxy
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-20 | CVE-2021-28683 | NULL Pointer Dereference vulnerability in Envoyproxy Envoy 1.16.2/1.17.1 An issue was discovered in Envoy through 1.71.1. | 7.5 |
2021-05-20 | CVE-2021-29258 | Reachable Assertion vulnerability in Envoyproxy Envoy An issue was discovered in Envoy 1.14.0. | 7.5 |
2021-03-11 | CVE-2021-21378 | Improper Authentication vulnerability in Envoyproxy Envoy 1.17.0 Envoy is a cloud-native high-performance edge/middle/service proxy. | 8.2 |
2020-12-15 | CVE-2020-35471 | Unspecified vulnerability in Envoyproxy Envoy Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500. | 7.5 |
2020-12-15 | CVE-2020-35470 | Unspecified vulnerability in Envoyproxy Envoy Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. low complexity envoyproxy | 8.8 |
2020-10-01 | CVE-2020-25018 | Unspecified vulnerability in Envoyproxy Envoy 2D69E30 Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization. | 7.5 |
2020-10-01 | CVE-2020-25017 | Unspecified vulnerability in Envoyproxy Envoy Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. | 8.3 |
2020-07-14 | CVE-2020-15104 | Origin Validation Error vulnerability in Envoyproxy Envoy In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. | 5.4 |
2020-07-01 | CVE-2020-8663 | Resource Exhaustion vulnerability in Envoyproxy Envoy Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections. | 7.5 |
2020-07-01 | CVE-2020-12605 | Allocation of Resources Without Limits or Throttling vulnerability in Envoyproxy Envoy Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs. | 7.5 |