Vulnerabilities > Haproxy > High

DATE CVE VULNERABILITY TITLE RISK
2019-10-23 CVE-2019-18277 HTTP Request Smuggling vulnerability in Haproxy
A flaw was found in HAProxy before 2.0.6.
network
low complexity
haproxy CWE-444
7.5
2019-07-23 CVE-2019-14243 Improper Input Validation vulnerability in Haproxy Proxyprotocol
headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service (webserver panic and daemon crash) via a crafted HAProxy PROXY v2 request with truncated source/destination address data.
network
low complexity
haproxy CWE-20
7.5
2019-07-23 CVE-2019-14241 Infinite Loop vulnerability in Haproxy
HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c.
network
low complexity
haproxy CWE-835
7.5
2019-03-21 CVE-2018-20615 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash.
network
low complexity
haproxy opensuse canonical redhat CWE-125
7.5
2018-12-12 CVE-2018-20103 Infinite Loop vulnerability in multiple products
An issue was discovered in dns.c in HAProxy through 1.8.14.
network
low complexity
haproxy canonical redhat CWE-835
7.5
2018-12-12 CVE-2018-20102 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14.
network
low complexity
haproxy canonical redhat CWE-125
7.5
2018-09-21 CVE-2018-14645 Out-of-bounds Read vulnerability in multiple products
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2.
network
low complexity
haproxy canonical redhat CWE-125
7.5
2018-05-09 CVE-2018-10184 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in HAProxy before 1.8.8.
network
low complexity
haproxy redhat CWE-119
7.5
2016-06-30 CVE-2016-5360 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors.
network
low complexity
canonical haproxy CWE-119
7.5