haproxy haproxy - vulnerabilities and exploits
7.5
CVSSv3
CVE-2018-20615
An out-of-bounds read issue exists in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x up to and including 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame le...
Haproxy Haproxy
Haproxy Haproxy 1.9.0
Opensuse Leap 15.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Redhat Enterprise Linux 7.4
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 7.5
Redhat Openshift Container Platform 3.11
Redhat Enterprise Linux 7.6
7.5
CVSSv3
CVE-2018-20102
An out-of-bounds read in dns_validate_dns_response in dns.c exists in HAProxy up to and including 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able to read the 16 bytes corresponding to an AAAA record from the non-initialized part of the bu...
Haproxy Haproxy
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Redhat Openshift Container Platform 3.11
7.5
CVSSv3
CVE-2018-20103
An issue exists in dns.c in HAProxy up to and including 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion.
Haproxy Haproxy
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Redhat Openshift Container Platform 3.11
7.5
CVSSv3
CVE-2016-5360
HAProxy 1.6.x prior to 1.6.6, when a deny comes from a reqdeny rule, allows remote malicious users to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors.
Canonical Ubuntu Linux 16.04
Haproxy Haproxy 1.6.5
Haproxy Haproxy 1.6.0
Haproxy Haproxy 1.6.3
Haproxy Haproxy 1.6.2
Haproxy Haproxy 1.6.1
Haproxy Haproxy 1.6.4
7.3
CVSSv3
CVE-2023-25950
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote malicious user to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) condition.
Haproxy Haproxy 2.7.0
Haproxy Haproxy
1 Github repository
7.2
CVSSv3
CVE-2023-40225
HAProxy up to and including 2.0.32, 2.1.x and 2.2.x up to and including 2.2.30, 2.3.x and 2.4.x up to and including 2.4.23, 2.5.x and 2.6.x prior to 2.6.15, 2.7.x prior to 2.7.10, and 2.8.x prior to 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In u...
Haproxy Haproxy
1 Github repository
6.5
CVSSv3
CVE-2023-29004
hap-wi/roxy-wi is a web interface for managing HAProxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI (6.3.9.0 at the moment of writing this report). The vulnerability can be exploited via an HTTP request to /app/...
Roxy-wi Roxy-wi
6.5
CVSSv3
CVE-2023-0056
An uncontrolled resource consumption vulnerability exists in HAProxy which could crash the service. This issue could allow an authenticated remote malicious user to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.
Haproxy Haproxy -
Redhat Software Collections -
Redhat Ceph Storage 5.0
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform For Ibm Linuxone 4.12
Redhat Openshift Container Platform For Power 4.12
Redhat Openshift Container Platform Ibm Z Systems 4.12
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.10
Redhat Openshift Container Platform 4.10
Redhat Openshift Container Platform For Ibm Linuxone 4.10
Redhat Openshift Container Platform For Power 4.10
Redhat Openshift Container Platform Ibm Z Systems 4.10
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform For Ibm Linuxone 4.11
Redhat Openshift Container Platform For Power 4.11
Redhat Openshift Container Platform Ibm Z Systems 4.11
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
6.3
CVSSv3
CVE-2022-1677
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the...
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.6
Redhat Openshift Container Platform 4.7
Redhat Openshift Container Platform 4.8
Redhat Openshift Container Platform 4.10
Redhat Openshift Container Platform 4.9
6.1
CVSSv3
CVE-2019-8953
The HAProxy package prior to 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.
Netgate Haproxy
1 EDB exploit