haproxy vulnerabilities and exploits
5.9
CVSSv3
CVE-2019-11323
HAProxy prior to 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error.
Haproxy Haproxy
5.9
CVSSv3
CVE-2018-11469
Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 up to and including 1.8.9 (if cache enabled) allows malicious users to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for...
Haproxy Haproxy
Canonical Ubuntu Linux 18.04
5.5
CVSSv3
CVE-2022-3113
An issue exists in the Linux kernel up to and including 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks a check of the return value of devm_kzalloc(), which will cause a null pointer dereference.
Linux Linux Kernel 5.16.0
Linux Linux Kernel
5.5
CVSSv3
CVE-2013-0163
OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS
Redhat Openshift 1.0
Redhat Openshift 2.0
5.3
CVSSv3
CVE-2023-25804
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions before 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the `/tmp` folder using a payload `../../../../../tmp/test...
Roxy-wi Roxy-wi
5.3
CVSSv3
CVE-2021-39241
An issue exists in HAProxy 2.0 prior to 2.0.24, 2.2 prior to 2.2.16, 2.3 prior to 2.3.13, and 2.4 prior to 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protecte...
Haproxy Haproxy
Debian Debian Linux 11.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
5.3
CVSSv3
CVE-2016-2102
HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.
Haproxy Haproxy -
NA
CVE-2024-28101
The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluat...
NA
CVE-2014-6269
Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 prior to 1.5.4 allow remote malicious users to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read.
Haproxy Haproxy 1.5.0
Haproxy Haproxy 1.5.1
Haproxy Haproxy 1.5
Haproxy Haproxy 1.5.2
Haproxy Haproxy 1.5.3
NA
CVE-2013-2175
HAProxy 1.4 prior to 1.4.24 and 1.5 prior to 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote malicious users to cause a denial of service (negative array index usage and crash) via an HTTP header with a...
Debian Debian Linux 6.0
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 13.04
Redhat Enterprise Linux Load Balancer 6.4
Redhat Enterprise Linux Load Balancer 6.0
Haproxy Haproxy 1.4.6
Haproxy Haproxy 1.4.8
Haproxy Haproxy 1.4.15
Haproxy Haproxy 1.4.17
Haproxy Haproxy 1.4
Haproxy Haproxy 1.4.22
Haproxy Haproxy 1.4.9
Haproxy Haproxy 1.4.10
Haproxy Haproxy 1.4.11
Haproxy Haproxy 1.4.12
Haproxy Haproxy 1.4.13
Haproxy Haproxy 1.4.1
Haproxy Haproxy 1.4.2
Haproxy Haproxy 1.4.3
Haproxy Haproxy 1.4.4
Haproxy Haproxy 1.4.18