Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
haproxy haproxy vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2022-31137
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions before 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from...
Roxy-wi Roxy-wi
1 Github repository
890
VMScore
CVE-2020-35195
The official haproxy docker images prior to 1.8.18-alpine (Alpine specific) contain a blank password for a root user. System using the haproxy docker container deployed by affected versions of the docker image may allow a remote malicious user to achieve root access with a blank ...
Docker Haproxy Docker Image
668
VMScore
CVE-2022-31125
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated malicious user to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This...
Roxy-wi Roxy-wi
668
VMScore
CVE-2022-31126
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated malicious user to code execution by sending a specially crafted HTTP request to /app/options.py file. This affects Roxy-...
Roxy-wi Roxy-wi
668
VMScore
CVE-2019-19330
The HTTP/2 implementation in HAProxy prior to 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
Haproxy Haproxy
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
Debian Debian Linux 10.0
578
VMScore
CVE-2020-11100
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 up to and including 2.x prior to 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
Haproxy Haproxy
Debian Debian Linux 10.0
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Opensuse Leap 15.1
454
VMScore
CVE-2012-2942
Buffer overflow in the trash buffer in the header capture functionality in HAProxy prior to 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote malicious users to cause a denial of service and possibly execute...
Haproxy Haproxy
447
VMScore
CVE-2021-40346
An integer overflow exists in HAProxy 2.0 up to and including 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an malicious user to bypass all configured http-request HAProxy ACLs and possibly other ACLs.
Haproxy Haproxy
Haproxy Haproxy 2.5
Debian Debian Linux 11.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
7 Github repositories
445
VMScore
CVE-2021-4047
The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.
Redhat Openshift 4.9
445
VMScore
CVE-2022-0711
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an malicious user to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The hig...
Haproxy Haproxy
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Redhat Software Collections -
Redhat Openshift Container Platform 4.0
Debian Debian Linux 11.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »