Vulnerabilities > Haproxy > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-10-23 | CVE-2019-18277 | HTTP Request Smuggling vulnerability in Haproxy A flaw was found in HAProxy before 2.0.6. | 7.5 |
2019-07-23 | CVE-2019-14243 | Improper Input Validation vulnerability in Haproxy Proxyprotocol headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service (webserver panic and daemon crash) via a crafted HAProxy PROXY v2 request with truncated source/destination address data. | 7.5 |
2019-07-23 | CVE-2019-14241 | Infinite Loop vulnerability in Haproxy HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c. | 7.5 |
2019-03-21 | CVE-2018-20615 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. | 7.5 |
2018-12-12 | CVE-2018-20103 | Infinite Loop vulnerability in multiple products An issue was discovered in dns.c in HAProxy through 1.8.14. | 7.5 |
2018-12-12 | CVE-2018-20102 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. | 7.5 |
2018-09-21 | CVE-2018-14645 | Out-of-bounds Read vulnerability in multiple products A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. | 7.5 |
2018-05-09 | CVE-2018-10184 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in HAProxy before 1.8.8. | 7.5 |
2016-06-30 | CVE-2016-5360 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors. | 7.5 |