Skip to main content

Envoy

109 CVEs product

Monthly

CVE-2020-12605 HIGH This Week

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-12604 HIGH PATCH This Week

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-12603 HIGH This Week

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-11767 LOW POC Monitor

Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Envoy Istio
NVD GitHub
CVSS 3.1
3.1
EPSS
1.8%
CVE-2020-8660 MEDIUM This Month

CNCF Envoy through 1.13.0 TLS inspector bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2020-8664 MEDIUM This Month

CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-8661 HIGH This Week

CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy Openshift Service Mesh
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-8659 HIGH This Week

CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy Openshift Service Mesh Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-18838 HIGH POC PATCH This Week

An issue was discovered in Envoy 1.12.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2019-18802 CRITICAL POC PATCH Act Now

An issue was discovered in Envoy 1.12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-18801 CRITICAL POC PATCH Act Now

An issue was discovered in Envoy 1.12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Envoy
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-18836 HIGH POC This Week

Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Envoy Istio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-15226 HIGH PATCH This Week

Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
65.4%
CVE-2019-15225 HIGH POC This Week

In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.0
7.5
EPSS
3.4%
CVE-2019-9901 Go CRITICAL PATCH Act Now

Envoy 1.9.0 and before does not normalize HTTP URL paths. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.0
10.0
EPSS
2.7%
CVE-2019-9900 HIGH POC This Week

When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Envoy Openshift Service Mesh
NVD GitHub
CVSS 3.1
8.3
EPSS
3.7%
CVE-2019-7678 CRITICAL Act Now

A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Envoy
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2019-7677 MEDIUM POC This Month

XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Envoy
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-7676 HIGH This Week

A weak password vulnerability was discovered in Enphase Envoy R3.*.*. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Envoy
NVD GitHub
CVSS 3.0
7.2
EPSS
1.7%
EPSS 1% CVSS 7.5
HIGH This Week

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Envoy
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
EPSS 2% CVSS 3.1
LOW POC Monitor

Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Envoy Istio
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

CNCF Envoy through 1.13.0 TLS inspector bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy Openshift Service Mesh
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy Openshift Service Mesh +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in Envoy 1.12.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Envoy
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue was discovered in Envoy 1.12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Envoy
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue was discovered in Envoy 1.12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Envoy
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Envoy Istio
NVD GitHub
EPSS 65% CVSS 7.5
HIGH PATCH This Week

Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Envoy
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC This Week

In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Envoy
NVD GitHub
EPSS 3% CVSS 10.0
CRITICAL PATCH Act Now

Envoy 1.9.0 and before does not normalize HTTP URL paths. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy
NVD GitHub
EPSS 4% CVSS 8.3
HIGH POC This Week

When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Envoy Openshift Service Mesh
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Envoy
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Envoy
NVD GitHub
EPSS 2% CVSS 7.2
HIGH This Week

A weak password vulnerability was discovered in Enphase Envoy R3.*.*. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Envoy
NVD GitHub
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy