Vulnerabilities > Istio > Istio > 1.4.1

DATE CVE VULNERABILITY TITLE RISK
2020-06-02 CVE-2020-10739 NULL Pointer Dereference vulnerability in Istio
Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service.
network
low complexity
istio CWE-476
7.5
7.5
2020-04-15 CVE-2020-11767 Information Exposure vulnerability in multiple products
Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue.
network
high complexity
envoyproxy istio CWE-200
2.6
2.6
2020-02-12 CVE-2020-8595 Improper Authentication vulnerability in multiple products
Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass.
network
low complexity
istio redhat CWE-287
7.5
7.5