Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
haproxy haproxy - vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-39240
An issue exists in HAProxy 2.2 prior to 2.2.16, 2.3 prior to 2.3.13, and 2.4 prior to 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field (as observed on a target HTTP/2 server) might differ from what...
Haproxy Haproxy
Debian Debian Linux 11.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
5
CVSSv2
CVE-2021-39241
An issue exists in HAProxy 2.0 prior to 2.0.24, 2.2 prior to 2.2.16, 2.3 prior to 2.3.13, and 2.4 prior to 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protecte...
Haproxy Haproxy
Debian Debian Linux 11.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
5
CVSSv2
CVE-2021-39242
An issue exists in HAProxy 2.2 prior to 2.2.16, 2.3 prior to 2.3.13, and 2.4 prior to 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled.
Haproxy Haproxy
Debian Debian Linux 11.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
5
CVSSv2
CVE-2019-14243
headerv2.go in mastercactapus proxyprotocol prior to 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin up to and including 0.0.2 for Caddy, allows remote malicious users to cause a denial of service (webserver panic and daemon crash) via a crafted HAProxy PROXY v2 r...
Haproxy Proxyprotocol
5
CVSSv2
CVE-2019-14241
HAProxy up to and including 2.0.2 allows malicious users to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c.
Haproxy Haproxy
5
CVSSv2
CVE-2018-20615
An out-of-bounds read issue exists in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x up to and including 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame le...
Haproxy Haproxy
Haproxy Haproxy 1.9.0
Opensuse Leap 15.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Redhat Enterprise Linux 7.4
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 7.5
Redhat Openshift Container Platform 3.11
Redhat Enterprise Linux 7.6
5
CVSSv2
CVE-2018-20102
An out-of-bounds read in dns_validate_dns_response in dns.c exists in HAProxy up to and including 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the bu...
Haproxy Haproxy
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Redhat Openshift Container Platform 3.11
5
CVSSv2
CVE-2018-20103
An issue exists in dns.c in HAProxy up to and including 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion.
Haproxy Haproxy
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Redhat Openshift Container Platform 3.11
5
CVSSv2
CVE-2016-2102
HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.
Haproxy Haproxy -
5
CVSSv2
CVE-2016-5360
HAproxy 1.6.x prior to 1.6.6, when a deny comes from a reqdeny rule, allows remote malicious users to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors.
Canonical Ubuntu Linux 16.04
Haproxy Haproxy 1.6.5
Haproxy Haproxy 1.6.0
Haproxy Haproxy 1.6.3
Haproxy Haproxy 1.6.2
Haproxy Haproxy 1.6.1
Haproxy Haproxy 1.6.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »