Vulnerabilities > Istio > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
2022-10-13 | CVE-2022-39278 | Unspecified vulnerability in Istio Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. | 7.5 |
2022-03-10 | CVE-2022-24726 | Resource Exhaustion vulnerability in Istio Istio is an open platform to connect, manage, and secure microservices. | 7.5 |
2022-02-22 | CVE-2022-23635 | Improper Validation of Specified Quantity in Input vulnerability in Istio Istio is an open platform to connect, manage, and secure microservices. | 7.5 |
2022-01-19 | CVE-2022-21701 | Incorrect Authorization vulnerability in Istio 1.12.0/1.12.1 Istio is an open platform to connect, manage, and secure microservices. | 8.8 |
2021-08-24 | CVE-2021-39155 | Incorrect Authorization vulnerability in Istio Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. | 7.5 |
2021-08-24 | CVE-2021-39156 | Use of Incorrectly-Resolved Name or Reference vulnerability in Istio Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. | 7.5 |
2021-06-29 | CVE-2021-34824 | Unspecified vulnerability in Istio Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces. | 8.8 |
2020-06-02 | CVE-2020-10739 | NULL Pointer Dereference vulnerability in Istio Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. | 7.5 |
2020-02-14 | CVE-2020-8843 | Improper Input Validation vulnerability in Istio An issue was discovered in Istio 1.3 through 1.3.6. | 7.4 |