CVE-2025-0752

all versions

A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhausti

7.1HIGH

CVE-2023-44487

all versions

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams q

7.5HIGH

CVE-2022-3962

all versions

A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page

4.3MEDIUM

CVE-2021-3586

all versions

A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports ma

9.8CRITICAL

CVE-2021-3495

all versions

An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. This flaw allows an

8.8HIGH

CVE-2019-25014

all versions

A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a p

6.5MEDIUM

CVE-2020-27846

all versions

A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The hig

9.8CRITICAL

CVE-2020-1762

all versions

An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wh

7.0HIGH

CVE-2020-1764

all versions

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A

8.6HIGH

CVE-2020-8661

all versions

CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.

7.5HIGH

CVE-2020-8659

all versions

CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.

7.5HIGH

CVE-2020-1704

< 1.0.8

An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before

7.0HIGH

CVE-2020-8595

all versions

Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authenti

7.3HIGH

CVE-2019-9518

all versions

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker se

7.5HIGH

CVE-2019-9517

all versions

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. Th

7.5HIGH

CVE-2019-9516

all versions

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stre

6.5MEDIUM

CVE-2019-9515

all versions

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a s

7.5HIGH

CVE-2019-9514

all versions

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a numb

7.5HIGH

CVE-2019-9513

all versions

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates mul

7.5HIGH

CVE-2019-9511

all versions

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading

7.5HIGH

CVE-2019-9900

all versions

When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows

8.3HIGH