Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
haproxy vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-25803
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions before 6.3.5.0 have a directory traversal vulnerability that allows the inclusion of server-side files. This issue is fixed in version 6.3.5.0.
Roxy-wi Roxy-wi
NA
CVE-2022-1677
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the...
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.6
Redhat Openshift Container Platform 4.7
Redhat Openshift Container Platform 4.8
Redhat Openshift Container Platform 4.10
Redhat Openshift Container Platform 4.9
NA
CVE-2023-25802
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions before 6.3.6.0 don't correctly neutralize `dir/../filename` sequences, such as `/etc/nginx/../passwd`, allowing an actor to gain information about a server. Version 6.3.6.0 has a...
Roxy-wi Roxy-wi
NA
CVE-2023-25804
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions before 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the `/tmp` folder using a payload `../../../../../tmp/test...
Roxy-wi Roxy-wi
NA
CVE-2022-31161
Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 co...
Roxy-wi Roxy-wi
668
VMScore
CVE-2022-31125
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated malicious user to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This...
Roxy-wi Roxy-wi
668
VMScore
CVE-2022-31126
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated malicious user to code execution by sending a specially crafted HTTP request to /app/options.py file. This affects Roxy-...
Roxy-wi Roxy-wi
NA
CVE-2022-3113
An issue exists in the Linux kernel up to and including 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference.
Linux Linux Kernel 5.16.0
Linux Linux Kernel
NA
CVE-2023-29004
hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI (6.3.9.0 at the moment of writing this report). The vulnerability can be exploited via an HTTP request to /app/...
Roxy-wi Roxy-wi
NA
CVE-2024-28101
The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluat...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »