| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-27919 | HTTP/2: memory exhaustion due to CONTINUATION frame flood | envoyproxy | envoy | High | 7.5 | 2024-04-04 14:30:11 | Deep Dive |
| CVE-2024-23322 | Envoy crashes when idle and request per try timeout occur within the backoff interval | envoyproxy | envoy | High | 7.5 | 2024-02-09 22:51:54 | Deep Dive |
| CVE-2024-23323 | Excessive CPU usage when URI template matcher is configured using regex in Envoy | envoyproxy | envoy | Medium | 4.3 | 2024-02-09 22:50:19 | Deep Dive |
| CVE-2024-23324 | Envoy ext auth can be bypassed when Proxy protocol filter sets invalid UTF-8 metadata | envoyproxy | envoy | High | 8.6 | 2024-02-09 22:48:27 | Deep Dive |
| CVE-2024-23325 | Envoy crashes when using an address type that isn’t supported by the OS | envoyproxy | envoy | High | 7.5 | 2024-02-09 22:47:13 | Deep Dive |
| CVE-2024-23327 | Crash in proxy protocol when command type of LOCAL in Envoy | envoyproxy | envoy | High | 7.5 | 2024-02-09 22:41:55 | Deep Dive |
| CVE-2023-35944 | Envoy vulnerable to incorrect handling of HTTP requests and responses with mixed case schemes | envoyproxy | envoy | High | 8.2 | 2023-07-25 18:35:59 | Deep Dive |
| CVE-2023-35943 | Envoy vulnerable to CORS filter segfault when origin header is removed | envoyproxy | envoy | Medium | 6.3 | 2023-07-25 18:26:24 | Deep Dive |
| CVE-2023-35942 | Envoy's gRPC access log crash caused by the listener draining | envoyproxy | envoy | Medium | 6.5 | 2023-07-25 18:24:12 | Deep Dive |
| CVE-2023-35941 | Envoy vulnerable to OAuth2 credentials exploit with permanent validity | envoyproxy | envoy | High | 8.6 | 2023-07-25 17:40:56 | Deep Dive |
| CVE-2023-35945 | Envoy vulnerable to HTTP/2 memory leak in nghttp2 codec | envoyproxy | envoy | High | 7.5 | 2023-07-13 20:41:16 | Deep Dive |
| CVE-2023-33869 | Enphase Envoy OS Command Injection | Enphase | Envoy | Medium | 6.3 | 2023-06-20 19:43:47 | Deep Dive |
| CVE-2023-27496 | Envoy may crash when a redirect url without a state param is received in the oauth filter | envoyproxy | envoy | Medium | 6.5 | 2023-04-04 19:48:57 | Deep Dive |
| CVE-2023-27493 | Envoy doesn't escape HTTP header values | envoyproxy | envoy | High | 8.1 | 2023-04-04 19:46:57 | Deep Dive |
| CVE-2023-27492 | Envoy may crash when a large request body is processed in Lua filter | envoyproxy | envoy | Medium | 4.8 | 2023-04-04 18:34:44 | Deep Dive |
| CVE-2023-27491 | Envoy forwards invalid Http2/Http3 downstream headers | envoyproxy | envoy | Medium | 5.4 | 2023-04-04 18:18:23 | Deep Dive |
| CVE-2023-27488 | Envoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received. | envoyproxy | envoy | Medium | 5.4 | 2023-04-04 17:57:17 | Deep Dive |
| CVE-2023-27487 | Envoy client may fake the header `x-envoy-original-path` | envoyproxy | envoy | High | 8.2 | 2023-04-04 15:42:34 | Deep Dive |
| CVE-2022-29227 | Use after free in Envoy | envoyproxy | envoy | High | 7.5 | 2022-06-09 19:30:15 | Deep Dive |
| CVE-2022-29226 | Trivial authentication bypass in Envoy | envoyproxy | envoy | Critical | 10.0 | 2022-06-09 19:25:11 | Deep Dive |