22 matches found
CVE-2019-9513
CVE-2019-9513 (and related HTTP/2 CVEs) affect nginx and nghttp2. The issues enable denial of service via HTTP/2 resource loops and priority/window manipulation, causing high CPU/memory usage. nginx 1.16.x and nghttp2 are specifically named in advisories; remediation is upgrading to fixed package...
CVE-2019-9517
CVE-2019-9517 describes an attack against some HTTP/2 implementations where unconstrained internal data buffering can cause a denial of service. The vulnerability arises when an attacker floods a connection with a large number of requests for a large response object while manipulating HTTP/2 flow...
CVE-2023-44487
CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...
CVE-2019-9511
CVE-2019-9511 is an HTTP/2 denial-of-service issue observed in multiple products where an attacker manipulates HTTP/2 window size and stream prioritization to force queuing of data in 1-byte chunks, potentially exhausting CPU/memory. Connected advisories confirm affected components include nginx ...
CVE-2019-9516
CVE-2019-9516 is an HTTP/2 header leak vulnerability affecting nginx and several Linux distributions. The issue occurs when an attacker sends streams with 0-length header names and values (optionally Huffman encoded), causing nginx to allocate memory for headers that may be kept until the session...
CVE-2019-9514
CVE-2019-9514 corresponds to an HTTP/2 vulnerability where an attacker floods a peer by sending HEADERS frames, causing unbounded memory growth and potential DoS. Public details in connected advisories show affected stacks include Go HTTP/2 implementations and Go-based tools, with remediation via...
CVE-2019-9518
CVE-2019-9518 describes a denial-of-service risk in HTTP/2 where a flood of frames with empty payloads (DATA, HEADERS, CONTINUATION, PUSH_PROMISE) and no end-of-stream flag can exhaust CPU and memory. Connected docs confirm concrete mentions across multiple ecosystems: Cloud Foundry products (emp...
CVE-2019-9515
CVE-2019-9515 concerns an HTTP/2 settings flood that can cause memory/CPU exhaustion. Arista’s security advisory (Security Advisory 0043) states the vulnerability is in Go’s gRPC HTTP/2 usage and can affect TerminAttr, OpenConfig, CVP, and certain Wi‑Fi OpenConfig-enabled components when enabled....
CVE-2020-27846
CVE-2020-27846 is a signature verification vulnerability in crewjam/saml that can allow bypass of SAML authentication. The issue affects Grafana deployments including affected Grafana versions referenced in multiple advisories (e.g., Red Hat RHSA-2021:1859) and is scored with a high/critical impa...
CVE-2026-47774
CVE-2026-47774 affects Envoy prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1. A vulnerability in HTTP/2 downstream request processing combines two issues: (1) cookie header bytes are not fully accounted for during request header size validation, and (2) HPACK header limits are enforced on e...
CVE-2020-1764
CVE-2020-1764 concerns a hard-coded cryptographic key in Kiali’s default config, affecting all versions
CVE-2022-3962
CVE-2022-3962 affects Kiali and is described as a content spoofing vulnerability. The issue arises because Kiali does not implement proper error handling when the target page or endpoint cannot be found, permitting an attacker to inject arbitrary text via error responses retrieved from the URL. T...
CVE-2020-1762
CVE-2020-1762 affects Kiali versions 0.4.0 to 1.15.0; root cause is insufficient JWT validation. An attacker could steal a valid JWT cookie and use it to spoof a user session, potentially gaining privileges to view and alter Istio configuration. The issue was fixed in Kiali 1.15.1. Remediation is...
CVE-2020-8659
CVE-2020-8659 affects the Envoy proxy used in Photon OS (Envoy package). The vulnerability causes memory exhaustion when proxying HTTP/1.1 requests or responses with many tiny chunks. Photon OS advisories PHSA-2020-1.0-0290 and PHSA-2020-2.0-0229 indicate updates to the envoy package are availabl...
CVE-2020-8661
CVE-2020-8661 affects Envoy (via Red Hat OpenShift Service Mesh 1.0.9 servicemesh-proxy). The Red Hat advisory RHSA-2020:0734 lists CVE-2020-8661 among fixes and describes mitigations for multiple envoy issues; the vulnerability is mapped to excessive CPU/memory use when proxying HTTP/1.1, which ...
CVE-2019-25014
CVE-2019-25014 involves a NULL pointer dereference in Istio’s Istio-pilot component (pkg/proxy/envoy/v2/debug.go getResourceVersion) prior to 1.5.0-alpha.0. A specific HTTP GET to the pilot debug API endpoint can cause the Go runtime to panic, yielding a denial-of-service against istio-pilot. The...
CVE-2021-3495
The CVE-2021-3495 vulnerability is an improper access-control flaw in kiali-operator before version 1.33.0 (and before 1.24.7 for the alternate stream). An attacker with basic cluster access could deploy a specified image to any namespace, potentially accessing privileged service account tokens a...
CVE-2019-9900
Technical details about CVE-2019-9900 are not provided in the connected documents. The initial description notes an issue in Envoy 1.9.0 and earlier with HTTP header parsing, but no public details are included here; monitor for updates.
CVE-2021-3586
CVE-2021-3586 concerns Red Hat OpenShift Service Mesh (servicemesh-operator). The issue is that NetworkPolicy resources for Maistra do not properly specify ingress ports, potentially allowing access to all ports from any pod, which can impact confidentiality, integrity, and availability. The vuln...
CVE-2020-8595
CVE-2020-8595 affects Istio: authentication bypass via the Authentication Policy exact-path matching logic in Istio versions 1.2.10 (End of Life) and earlier, 1.3.x up to 1.3.7, and 1.4.x up to 1.4.3. An attacker can gain unauthorized access to HTTP paths configured to require a valid JWT by mani...
CVE-2020-1704
CVE-2020-1704 describes an insecure modification vulnerability in the openshift/istio-kialia-rhel7-operator-container of OpenShift Service Mesh (Maistra) prior to 1.0.8. An attacker with container access could modify /etc/passwd to escalate privileges, causing local privilege escalation (privileg...
CVE-2025-0752
OpenShift Service Mesh (versions 2.5.6 and 2.6.3) is affected by a vulnerability in Envoy related to improper HTTP header sanitization. The underlying issue can enable rate-limiter circumvention, bypass of access controls, and may lead to CPU and memory exhaustion and replay attacks. The CVE desc...