Exposição de Envoy
Reverse proxies36
score de exposição
95.685
sites usam
0
em exploração
1
críticos
CVEs
78 resultadosCVE-2021-43826HIGHCrash when tunneling TCP over HTTP in EnvoyEPSS 1.0%CVE-2022-23606MEDIUMCrash when a cluster is deleted in EnvoyEPSS 1.0%CVE-2021-32779HIGHIncorrectly handling of URI '#fragment' element as part of the path elementEPSS 0.9%CVE-2022-29224MEDIUMSegmentation fault leading to crash in EnvoyEPSS 0.9%CVE-2023-27491MEDIUMEnvoy forwards invalid Http2/Http3 downstream headersEPSS 0.9%CVE-2021-43825MEDIUMUse-after-free in EnvoyEPSS 0.9%CVE-2024-21877HIGHInsecure File Generation Based on User Input in Enphase IQ Gateway version 4.x to 8.x and < 8.2.4225EPSS 0.8%CVE-2022-21656HIGHX.509 subjectAltName matching bypass in EnvoyEPSS 0.8%CVE-2023-27496MEDIUMEnvoy may crash when a redirect url without a state param is received in the oauth filterEPSS 0.8%CVE-2024-23325HIGHEnvoy crashes when using an address type that isn’t supported by the OSEPSS 0.8%CVE-2023-35942MEDIUMEnvoy's gRPC access log crash caused by the listener drainingEPSS 0.7%CVE-2023-27488MEDIUMEnvoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received.EPSS 0.7%CVE-2023-35941HIGHEnvoy vulnerable to OAuth2 credentials exploit with permanent validityEPSS 0.7%CVE-2024-23327HIGHCrash in proxy protocol when command type of LOCAL in EnvoyEPSS 0.7%CVE-2024-32975MEDIUMEnvoy crashes in QuicheDataReader::PeekVarInt62Length()EPSS 0.7%CVE-2024-32974MEDIUMEnvoy affected by a crash in EnvoyQuicServerStream::OnInitialHeadersComplete()EPSS 0.7%CVE-2024-53270HIGHHTTP/1: sending overload crashes when the request is reset beforehand in envoyEPSS 0.7%CVE-2023-27492MEDIUMEnvoy may crash when a large request body is processed in Lua filterEPSS 0.7%CVE-2024-23322HIGHEnvoy crashes when idle and request per try timeout occur within the backoff intervalEPSS 0.7%CVE-2024-32475HIGHEnvoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytesEPSS 0.7%
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →