Vulnerabilities > Haproxy > Haproxy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-02 | CVE-2020-11100 | Out-of-bounds Write vulnerability in multiple products In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. | 8.8 |
| 2019-11-27 | CVE-2019-19330 | Injection vulnerability in multiple products The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks. | 9.8 |
| 2019-10-23 | CVE-2019-18277 | HTTP Request Smuggling vulnerability in Haproxy A flaw was found in HAProxy before 2.0.6. | 7.5 |
| 2019-07-23 | CVE-2019-14241 | Infinite Loop vulnerability in Haproxy HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c. | 5.0 |
| 2019-05-09 | CVE-2019-11323 | Use of Uninitialized Resource vulnerability in Haproxy HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. | 5.9 |
| 2019-03-21 | CVE-2018-20615 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. | 7.5 |
| 2018-12-12 | CVE-2018-20103 | Infinite Loop vulnerability in multiple products An issue was discovered in dns.c in HAProxy through 1.8.14. | 7.5 |
| 2018-12-12 | CVE-2018-20102 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. | 7.5 |
| 2018-09-21 | CVE-2018-14645 | Out-of-bounds Read vulnerability in multiple products A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. | 7.5 |
| 2018-05-25 | CVE-2018-11469 | Information Exposure vulnerability in multiple products Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function. | 5.9 |