Vulnerabilities > Haproxy > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-08-17 | CVE-2021-39241 | An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. | | network | low | haproxy, debian, fedoraproject | | 5.3 |
| 2019-07-23 | CVE-2019-14243 | Improper Input Validation vulnerability in Haproxy Proxyprotocol | headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service (webserver panic and daemon crash) via a crafted HAProxy PROXY v2 request with truncated source/destination address data. | network | low | haproxy | CWE-20 | 5.0 |
| 2019-07-23 | CVE-2019-14241 | Infinite Loop vulnerability in Haproxy | HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c. | network | low | haproxy | CWE-835 | 5.0 |
| 2019-05-09 | CVE-2019-11323 | Use of Uninitialized Resource vulnerability in Haproxy | HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. | network | high | haproxy | CWE-908 | 5.9 |
| 2018-05-25 | CVE-2018-11469 | Information Exposure vulnerability in multiple products | Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function. | network | high | haproxy, canonical | CWE-200 | 5.9 |
| 2017-08-22 | CVE-2016-2102 | Improper Authentication vulnerability in Haproxy | HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. | network | low | haproxy | CWE-287 | 5.0 |
| 2013-08-19 | CVE-2013-2175 | Improper Input Validation vulnerability in multiple products | HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable. | network | low | debian, canonical, redhat, haproxy | CWE-20 | 5.0 |
| 2013-04-10 | CVE-2013-1912 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Haproxy | Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that append to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring. | network | high | haproxy | CWE-119 | 5.1 |