Vulnerabilities > Istio > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2022-10-13 CVE-2022-39278 Resource Exhaustion vulnerability in Istio
Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection.
network
low complexity
istio CWE-400
7.5
2022-06-09 CVE-2022-31045 Out-of-bounds Read vulnerability in Istio
Istio is an open platform to connect, manage, and secure microservices.
network
low complexity
istio CWE-125
7.5
2022-02-22 CVE-2022-23635 Improper Validation of Specified Quantity in Input vulnerability in Istio
Istio is an open platform to connect, manage, and secure microservices.
network
low complexity
istio CWE-1284
7.5
2022-01-19 CVE-2022-21679 Always-Incorrect Control Flow Implementation vulnerability in Istio 1.12.0/1.12.1
Istio is an open platform to connect, manage, and secure microservices.
network
low complexity
istio CWE-670
7.5
2021-08-24 CVE-2021-39155 Incorrect Authorization vulnerability in Istio
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data.
network
low complexity
istio CWE-863
7.5
2021-08-24 CVE-2021-39156 Use of Incorrectly-Resolved Name or Reference vulnerability in Istio
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data.
network
low complexity
istio CWE-706
7.5
2020-06-02 CVE-2020-10739 NULL Pointer Dereference vulnerability in Istio
Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service.
network
low complexity
istio CWE-476
7.5
2020-02-12 CVE-2020-8595 Improper Authentication vulnerability in multiple products
Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass.
network
low complexity
istio redhat CWE-287
7.5
2019-11-11 CVE-2019-18836 Infinite Loop vulnerability in multiple products
Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used."
network
low complexity
envoyproxy istio CWE-835
7.5