Filtered by vendor Redhat Subscriptions
Filtered by product Service Mesh Subscriptions
Total 175 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-29923 4 Fedoraproject, Golang, Oracle and 1 more 13 Fedora, Go, Timesten In-memory Database and 10 more 2024-11-21 7.5 High
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.
CVE-2021-29492 2 Envoyproxy, Redhat 2 Envoy, Service Mesh 2024-11-21 8.1 High
Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. `/something%2F..%2Fadmin`, to bypass access control, e.g. a block on `/admin`. A backend server could then decode slash sequences and normalize path and provide an attacker access beyond the scope provided for by the access control policy. ### Impact Escalation of Privileges when using RBAC or JWT filters with enforcement based on URL path. Users with back end servers that interpret `%2F` and `/` and `%5C` and `\` interchangeably are impacted. ### Attack Vector URL paths containing escaped slash characters delivered by untrusted client. Patches in versions 1.18.3, 1.17.3, 1.16.4, 1.15.5 contain new path normalization option to decode escaped slash characters. As a workaround, if back end servers treat `%2F` and `/` and `%5C` and `\` interchangeably and a URL path based access control is configured, one may reconfigure the back end server to not treat `%2F` and `/` and `%5C` and `\` interchangeably.
CVE-2021-29482 2 Redhat, Xz Project 6 Acm, Container Native Virtualization, Openshift Api Data Protection and 3 more 2024-11-21 7.5 High
xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size of the compressed file input to a reasonable size for their use case. The standard library had recently the same issue and got the CVE-2020-16845 allocated.
CVE-2021-29258 2 Envoyproxy, Redhat 2 Envoy, Service Mesh 2024-11-21 7.5 High
An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion.
CVE-2021-28683 2 Envoyproxy, Redhat 2 Envoy, Service Mesh 2024-11-21 7.5 High
An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
CVE-2021-28682 2 Envoyproxy, Redhat 2 Envoy, Service Mesh 2024-11-21 7.5 High
An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations.
CVE-2021-20329 2 Mongodb, Redhat 4 Go Driver, Container Native Virtualization, Openshift and 1 more 2024-11-21 6.8 Medium
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0.
CVE-2020-9283 3 Debian, Golang, Redhat 7 Debian Linux, Package Ssh, 3scale Amp and 4 more 2024-11-21 7.5 High
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.
CVE-2020-8664 2 Cncf, Redhat 2 Envoy, Service Mesh 2024-11-21 5.3 Medium
CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even though it was visible in the active config dump.
CVE-2020-8663 2 Envoyproxy, Redhat 2 Envoy, Service Mesh 2024-11-21 7.5 High
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.
CVE-2020-8661 2 Cncf, Redhat 3 Envoy, Openshift Service Mesh, Service Mesh 2024-11-21 7.5 High
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.
CVE-2020-8660 2 Envoyproxy, Redhat 2 Envoy, Service Mesh 2024-11-21 5.3 Medium
CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some security restrictions in the process.
CVE-2020-8659 3 Cncf, Debian, Redhat 4 Envoy, Debian Linux, Openshift Service Mesh and 1 more 2024-11-21 7.5 High
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks.
CVE-2020-8595 2 Istio, Redhat 4 Istio, Enterprise Linux, Openshift Service Mesh and 1 more 2024-11-21 7.3 High
Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. For example, an attacker can add a ? or # character to a URI that would otherwise satisfy an exact-path match.
CVE-2020-8203 3 Lodash, Oracle, Redhat 24 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 21 more 2024-11-21 7.4 High
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
CVE-2020-8124 2 Redhat, Url-parse Project 2 Service Mesh, Url-parse 2024-11-21 5.3 Medium
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.
CVE-2020-7662 2 Redhat, Websocket-extensions Project 3 Openshift, Service Mesh, Websocket-extensions 2024-11-21 7.5 High
websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.
CVE-2020-7660 2 Redhat, Verizon 2 Service Mesh, Serialize-javascript 2024-11-21 8.1 High
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".
CVE-2020-7598 3 Opensuse, Redhat, Substack 9 Leap, Enterprise Linux, Openshift and 6 more 2024-11-21 5.6 Medium
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
CVE-2020-28852 2 Golang, Redhat 5 Text, Acm, Enterprise Linux and 2 more 2024-11-21 7.5 High
In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)