Product:

Haproxy

(Haproxy)
Repositories https://github.com/haproxy/haproxy
#Vulnerabilities 29
Date Id Summary Products Score Patch Annotated
2015-07-06 CVE-2015-3281 The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request. Ubuntu_linux, Debian_linux, Haproxy, Linux_enterprise_high_availability_extension, Openstack_cloud, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation N/A
2019-07-23 CVE-2019-14241 HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c. Haproxy 7.5
2017-08-22 CVE-2016-2102 HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. Haproxy 5.3
2013-08-19 CVE-2013-2175 HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable. Ubuntu_linux, Debian_linux, Haproxy, Enterprise_linux_load_balancer N/A
2013-04-10 CVE-2013-1912 Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring. Haproxy N/A