Vulnerabilities > Istio

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-44487 Resource Exhaustion vulnerability in multiple products
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
2022-11-10 CVE-2022-39388 Incorrect Authorization vulnerability in Istio 1.15.0/1.15.1/1.15.2
Istio is an open platform to connect, manage, and secure microservices.
low complexity
istio CWE-863
3.5
2022-10-13 CVE-2022-39278 Resource Exhaustion vulnerability in Istio
Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection.
network
low complexity
istio CWE-400
7.5
2022-06-09 CVE-2022-31045 Out-of-bounds Read vulnerability in Istio
Istio is an open platform to connect, manage, and secure microservices.
network
low complexity
istio CWE-125
7.5
2022-03-10 CVE-2022-24726 Resource Exhaustion vulnerability in Istio
Istio is an open platform to connect, manage, and secure microservices.
network
low complexity
istio CWE-400
5.0
2022-02-22 CVE-2022-23635 Improper Validation of Specified Quantity in Input vulnerability in Istio
Istio is an open platform to connect, manage, and secure microservices.
network
low complexity
istio CWE-1284
7.5
2022-01-19 CVE-2022-21679 Always-Incorrect Control Flow Implementation vulnerability in Istio 1.12.0/1.12.1
Istio is an open platform to connect, manage, and secure microservices.
network
low complexity
istio CWE-670
7.5
2022-01-19 CVE-2022-21701 Incorrect Authorization vulnerability in Istio 1.12.0/1.12.1
Istio is an open platform to connect, manage, and secure microservices.
network
istio CWE-863
6.0
2021-08-24 CVE-2021-39155 Incorrect Authorization vulnerability in Istio
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data.
network
low complexity
istio CWE-863
7.5
2021-08-24 CVE-2021-39156 Use of Incorrectly-Resolved Name or Reference vulnerability in Istio
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data.
network
low complexity
istio CWE-706
7.5