2078 matches found
CVE-2026-1784
The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration...
PT-2026-45701
Name of the Vulnerable Software and Affected Versions OpenShift affected versions not specified Description The Route OpenShift resource enables pods to be reachable at a subdomain via HAProxy. Insufficient validation of the spec.path YAML stanza in a Route document allows for controlled injectio...
openshift Red Hat OpenShift Container Platform 4 配置错误漏洞
Red Hat OpenShift Container Platform is a platform developed by Red Hat Corporation that helps enterprises develop, deploy, and manage container-based applications across physical, virtual, and public cloud infrastructures. There is a security vulnerability in Red Hat OpenShift Container Platform...
[SECURITY] Fedora 43 Update: haproxy-3.0.23-2.fc43
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...
Fedora 43 : haproxy (2026-164a1e3151)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-164a1e3151 advisory. Upgrade to 3.0.23 see https://www.haproxy.org/download/3.0/src/CHANGELOG for full upstream changelog Tenable has extracted the preceding description...
Fedora 42 : haproxy (2026-d790d66a08)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d790d66a08 advisory. Upgrade to 3.0.23 see https://www.haproxy.org/download/3.0/src/CHANGELOG for full upstream changelog Tenable has extracted the preceding description...
Fedora 44 : haproxy (2026-53196fc291)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-53196fc291 advisory. Upgrade to 3.0.23 see https://www.haproxy.org/download/3.0/src/CHANGELOG for full upstream changelog Tenable has extracted the preceding description...
Debian dsa-6291 : haproxy - security update
The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6291 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6291-1 [email protected] https://www.debian.org/security/...
[SECURITY] [DSA 6291-1] haproxy security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6291-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 22, 2026 https://www.debian.org/security/faq -...
Astra Linux – Vulnerability in HAPProxy
The vulnerability in the src/cfgparse.c component of the HAProxy server software is related to pointer dereferencing errors. Exploiting this vulnerability allows an attacker to cause service failures...
Astra Linux – Vulnerability in HAPProxy
Before version 2.7.3, HAProxy might allow a bypass of access control mechanisms, as HTTP/1 headers were inadvertently lost in certain situations, also known as “request smuggling.” The HTTP header parsers in HAProxy might accept empty header field names, which could be used to omit the list of HT...
Astra Linux – Vulnerability in HAPProxy
Before version 2.8.2, HAProxy allowed to be part of the URI component. This could allow remote attackers to obtain sensitive information or cause unspecified other issues due to misinterpretation of the pathend rule, such as routing index.html.png to a static server...
Astra Linux – Vulnerability in HAPProxy
A flaw was discovered in the way HAProxy processed HTTP responses containing the “Set-Cookie2” header. This flaw could allow an attacker to send crafted HTTP response packets, leading to an infinite loop and ultimately causing a denial-of-service condition. The most significant threat from this...
Astra Linux – Vulnerability in HAPProxy
There is an integer overflow in HAProxy versions 2.0 to 2.5, specifically in the htxaddheader function, which can be exploited to perform an HTTP request smuggling attack. This allows an attacker to bypass all configured http-request HAProxy Access Control Lists and possibly other access control...
Astra Linux – Vulnerability in HAPProxy
A issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. This issue can lead to a situation where the HTTP Host header is controlled by an attacker, due to a mismatch between the Host field and its corresponding authority value being mishandled...
Astra Linux – Vulnerability in HAPProxy
In HAProxy versions 2.2 through 3.1.6, under certain unusual configurations, there is a heap-based buffer overflow due to improper handling of replacing multiple short patterns with a longer one...
CLEANSTART-2026-AW97162 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33814, ghsa-mh2q-q3fh-2475 applied in versions: 0.15.1-r0, 0.15.4-r0, 0.15.4-r1
Multiple security vulnerabilities affect the haproxy-ingress package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-RK40393 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33814 applied in versions: 0.15.1-r0, 0.16.1-r0
Multiple security vulnerabilities affect the haproxy-ingress package. These issues are resolved in later releases. See references for individual vulnerability details...
MGASA-2026-0146 Updated haproxy packages fix security vulnerability
The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be used for request smuggling. CVE-2026-33555...
Updated haproxy packages fix security vulnerability
The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be used for request smuggling. CVE-2026-33555...