Vulnerabilities > Istio > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | PRODUCT | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | | | | | | 7.5 |
| 2022-10-13 | CVE-2022-39278 | Resource Exhaustion vulnerability in Istio | Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. | network | low complexity | istio | CWE-400 | 7.5 |
| 2022-03-10 | CVE-2022-24726 | Resource Exhaustion vulnerability in Istio | Istio is an open platform to connect, manage, and secure microservices. | network | low complexity | istio | CWE-400 | 7.5 |
| 2022-02-22 | CVE-2022-23635 | Improper Validation of Specified Quantity in Input vulnerability in Istio | Istio is an open platform to connect, manage, and secure microservices. | network | low complexity | istio | CWE-1284 | 7.5 |
| 2022-01-19 | CVE-2022-21701 | Incorrect Authorization vulnerability in Istio 1.12.0/1.12.1 | Istio is an open platform to connect, manage, and secure microservices. | network | low complexity | istio | CWE-863 | 8.8 |
| 2021-08-24 | CVE-2021-39155 | Incorrect Authorization vulnerability in Istio | Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. | network | low complexity | istio | CWE-863 | 7.5 |
| 2021-08-24 | CVE-2021-39156 | Use of Incorrectly-Resolved Name or Reference vulnerability in Istio | Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. | network | low complexity | istio | CWE-706 | 7.5 |
| 2021-06-29 | CVE-2021-34824 | Unspecified vulnerability in Istio | Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces. | network | low complexity | istio | | 8.8 |
| 2020-06-02 | CVE-2020-10739 | NULL Pointer Dereference vulnerability in Istio | Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. | network | low complexity | istio | CWE-476 | 7.5 |
| 2020-02-14 | CVE-2020-8843 | Improper Input Validation vulnerability in Istio | An issue was discovered in Istio 1.3 through 1.3.6. | network | high complexity | istio | CWE-20 | 7.4 |