| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2024-45806 | Potential manipulate `x-envoy` headers from external sources in envoy | envoyproxy | envoy | Medium | 6.5 | 2024-09-19 23:34:31 |
| CVE-2024-45807 | oghttp2 crash on OnBeginHeadersForStream in envoy | envoyproxy | envoy | High | 7.5 | 2024-09-19 23:34:29 |
| CVE-2024-45808 | Malicious log injection via access logs in envoy | envoyproxy | envoy | Medium | 6.5 | 2024-09-19 23:34:27 |
| CVE-2024-45809 | Jwt filter crash in the clear route cache with remote JWKs in envoy | envoyproxy | envoy | Medium | 5.3 | 2024-09-19 23:34:24 |
| CVE-2024-45810 | Envoy crashes for LocalReply in http async client | envoyproxy | envoy | Medium | 6.5 | 2024-09-19 23:34:22 |
| CVE-2024-21879 | URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway v4.x to v8.x and < v8.2.4225 | Enphase | Envoy | - | - | 2024-08-10 17:44:50 |
| CVE-2024-21878 | Command Injection through Unsafe File Name Evaluation in internal script in Enphase IQ Gateway v4.x to and including 8.x | Enphase | Envoy | - | - | 2024-08-10 17:44:49 |
| CVE-2024-21877 | Insecure File Generation Based on User Input in Enphase IQ Gateway version 4.x to 8.x and < 8.2.4225 | Enphase | Envoy | - | - | 2024-08-10 17:44:49 |
| CVE-2024-21880 | URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway version 4.x <= 7.x | Enphase | Envoy | - | - | 2024-08-10 17:44:48 |
| CVE-2024-21881 | Upload of encrypted packages allows authenticated command execution in Enphase IQ Gateway v4.x and v5.x | Enphase | Envoy | - | - | 2024-08-10 17:44:48 |
| CVE-2024-39305 | Envoy Proxy use after free when route hash policy is configured with cookie attributes | envoyproxy | envoy | Medium | 6.5 | 2024-07-01 21:10:24 |
| CVE-2024-32974 | Envoy affected by a crash in EnvoyQuicServerStream::OnInitialHeadersComplete() | envoyproxy | envoy | Medium | 5.9 | 2024-06-04 21:00:08 |
| CVE-2024-32975 | Envoy crashes in QuicheDataReader::PeekVarInt62Length() | envoyproxy | envoy | Medium | 5.9 | 2024-06-04 21:00:03 |
| CVE-2024-32976 | Envoy can enter an endless loop while decompressing Brotli data with extra input | envoyproxy | envoy | High | 7.5 | 2024-06-04 21:00:00 |
| CVE-2024-34362 | Envoy affected by a crash (use-after-free) in EnvoyQuicServerStream | envoyproxy | envoy | Medium | 5.9 | 2024-06-04 20:59:56 |
| CVE-2024-34363 | Envoy can crash due to uncaught nlohmann JSON exception | envoyproxy | envoy | High | 7.5 | 2024-06-04 20:59:53 |
| CVE-2024-34364 | Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response | envoyproxy | envoy | Medium | 5.7 | 2024-06-04 20:59:49 |
| CVE-2024-23326 | Envoy incorrectly accepts HTTP 200 response for entering upgrade mode | envoyproxy | envoy | Medium | 5.9 | 2024-06-04 20:05:48 |
| CVE-2024-32475 | Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes | envoyproxy | envoy | High | 7.5 | 2024-04-18 14:18:19 |
| CVE-2024-30255 | HTTP/2: CPU exhaustion due to CONTINUATION frame flood | envoyproxy | envoy | Medium | 5.3 | 2024-04-04 19:41:03 |