Filter
Apache Tomcat- Rapid Reset HTTP/2 vulnerability
First published (updated )
Envoy ProxyWhen parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters…
8.3
First published (updated )
go/github.com/envoyproxy/envoyEnvoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative pat…
10
First published (updated )
redhat/envoyEnvoy vulnerable to HTTP/2 memory leak in nghttp2 codec
7.5
First published (updated )
Envoy ProxyEnvoy vulnerable to CORS filter segfault when origin header is removed
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
redhat/envoyEnvoy's gRPC access log crash caused by the listener draining
6.5
First published (updated )
redhat/envoyEnvoy vulnerable to OAuth2 credentials exploit with permanent validity
9.8
First published (updated )
redhat/envoyEnvoy vulnerable to incorrect handling of HTTP requests and responses with mixed case schemes
8.2
First published (updated )
Envoy ProxyPotential manipulate `x-envoy` headers from external sources in envoy
6.5
First published (updated )
Envoy ProxyEnvoy incorrectly accepts HTTP 200 response for entering upgrade mode
8.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Envoy ProxyEnvoy can enter an endless loop while decompressing Brotli data with extra input
7.5
First published (updated )
Envoy ProxyMalicious log injection via access logs in envoy
6.5
First published (updated )
Envoy ProxyEnvoy crashes for LocalReply in http async client
7.5
First published (updated )
Envoy Proxyoghttp2 crash on OnBeginHeadersForStream in envoy
7.5
First published (updated )
Envoy ProxyJwt filter crash in the clear route cache with remote JWKs in envoy
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Envoy ProxyEnvoy crashes when using an address type that isn’t supported by the OS
7.5
EPSS
0.05%
First published (updated )
Envoy ProxyEnvoy ext auth can be bypassed when Proxy protocol filter sets invalid UTF-8 metadata
8.6
EPSS
0.05%
First published (updated )
Envoy ProxyEnvoy affected by a crash (use-after-free) in EnvoyQuicServerStream
5.9
First published (updated )
Envoy ProxyMalformed request header may cause route matchers or access controls to be bypassed, resulting in es…
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Envoy ProxyAn untrusted remote client may send HTTP/2 requests that write to the heap outside of the request bu…
9.8
First published (updated )
Envoy ProxyEnvoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a singl…
7.5
First published (updated )
Envoy ProxyUpon receiving each incoming request header data, Envoy will iterate over existing request headers t…
7.8
First published (updated )
Envoy ProxyIn Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc+…
7.5
First published (updated )
IBM Cloud Pak for Security (CP4S)Envoy Proxy could provide weaker than expected security, caused by the logging of the incorrect down…
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
IBM Cloud Pak for Security (CP4S)Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fa…
7.5
First published (updated )
Envoy ProxyEnvoy through 1.15.0 only considers the first value when multiple header values are present for some…
8.3
First published (updated )
Envoy ProxyEnvoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicali…
7.5
First published (updated )
Envoy ProxyEnvoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when process…
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.