Vulnerabilities > Haproxy > High

DATE CVE VULNERABILITY TITLE RISK
2019-10-23 CVE-2019-18277 HTTP Request Smuggling vulnerability in Haproxy
A flaw was found in HAProxy before 2.0.6.
network
low complexity
haproxy CWE-444
7.5
2019-03-21 CVE-2018-20615 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash.
network
low complexity
haproxy opensuse canonical redhat CWE-125
7.5
2018-12-12 CVE-2018-20103 Infinite Loop vulnerability in multiple products
An issue was discovered in dns.c in HAProxy through 1.8.14.
network
low complexity
haproxy canonical redhat CWE-835
7.5
2018-12-12 CVE-2018-20102 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14.
network
low complexity
haproxy canonical redhat CWE-125
7.5
2018-09-21 CVE-2018-14645 Out-of-bounds Read vulnerability in multiple products
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2.
network
low complexity
haproxy canonical redhat CWE-125
7.5
2018-05-09 CVE-2018-10184 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in HAProxy before 1.8.8.
network
low complexity
haproxy redhat CWE-119
7.5
2016-06-30 CVE-2016-5360 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors.
network
low complexity
canonical haproxy CWE-119
7.5