Lucene search
K

2078 matches found

RedhatCVE
RedhatCVE
added 2026/06/02 7:17 a.m.9 views

CVE-2026-1784

The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration...

8.8CVSS5.8AI score0.0015EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.12 views

PT-2026-45701

Name of the Vulnerable Software and Affected Versions OpenShift affected versions not specified Description The Route OpenShift resource enables pods to be reachable at a subdomain via HAProxy. Insufficient validation of the spec.path YAML stanza in a Route document allows for controlled injectio...

8.8CVSS5.4AI score0.0015EPSS
Exploits0References20
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

openshift Red Hat OpenShift Container Platform 4 配置错误漏洞

Red Hat OpenShift Container Platform is a platform developed by Red Hat Corporation that helps enterprises develop, deploy, and manage container-based applications across physical, virtual, and public cloud infrastructures. There is a security vulnerability in Red Hat OpenShift Container Platform...

8.8CVSS5.9AI score0.0015EPSS
Exploits0References5
Fedora
Fedora
added 2026/05/27 1:27 a.m.11 views

[SECURITY] Fedora 43 Update: haproxy-3.0.23-2.fc43

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...

7.5CVSS7.1AI score0.00479EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.9 views

Fedora 43 : haproxy (2026-164a1e3151)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-164a1e3151 advisory. Upgrade to 3.0.23 see https://www.haproxy.org/download/3.0/src/CHANGELOG for full upstream changelog Tenable has extracted the preceding description...

7.5CVSS7.2AI score0.00479EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.16 views

Fedora 42 : haproxy (2026-d790d66a08)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d790d66a08 advisory. Upgrade to 3.0.23 see https://www.haproxy.org/download/3.0/src/CHANGELOG for full upstream changelog Tenable has extracted the preceding description...

7.5CVSS5.9AI score0.00479EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.11 views

Fedora 44 : haproxy (2026-53196fc291)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-53196fc291 advisory. Upgrade to 3.0.23 see https://www.haproxy.org/download/3.0/src/CHANGELOG for full upstream changelog Tenable has extracted the preceding description...

7.5CVSS7.2AI score0.00479EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.13 views

Debian dsa-6291 : haproxy - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6291 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6291-1 [email protected] https://www.debian.org/security/...

5.8CVSS5.8AI score0.00297EPSS
Exploits1References4
Debian
Debian
added 2026/05/22 8:18 p.m.17 views

[SECURITY] [DSA 6291-1] haproxy security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6291-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 22, 2026 https://www.debian.org/security/faq -...

5.8CVSS5.8AI score0.00297EPSS
Exploits1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in HAPProxy

The vulnerability in the src/cfgparse.c component of the HAProxy server software is related to pointer dereferencing errors. Exploiting this vulnerability allows an attacker to cause service failures...

6.2CVSS5.5AI score
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in HAPProxy

Before version 2.7.3, HAProxy might allow a bypass of access control mechanisms, as HTTP/1 headers were inadvertently lost in certain situations, also known as “request smuggling.” The HTTP header parsers in HAProxy might accept empty header field names, which could be used to omit the list of HT...

9.1CVSS7.5AI score0.05493EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in HAPProxy

Before version 2.8.2, HAProxy allowed to be part of the URI component. This could allow remote attackers to obtain sensitive information or cause unspecified other issues due to misinterpretation of the pathend rule, such as routing index.html.png to a static server...

8.2CVSS6.8AI score0.01526EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in HAPProxy

A flaw was discovered in the way HAProxy processed HTTP responses containing the “Set-Cookie2” header. This flaw could allow an attacker to send crafted HTTP response packets, leading to an infinite loop and ultimately causing a denial-of-service condition. The most significant threat from this...

7.5CVSS7.1AI score0.16563EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in HAPProxy

There is an integer overflow in HAProxy versions 2.0 to 2.5, specifically in the htxaddheader function, which can be exploited to perform an HTTP request smuggling attack. This allows an attacker to bypass all configured http-request HAProxy Access Control Lists and possibly other access control...

7.5CVSS7.9AI score0.57934EPSS
Exploits6References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in HAPProxy

A issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. This issue can lead to a situation where the HTTP Host header is controlled by an attacker, due to a mismatch between the Host field and its corresponding authority value being mishandled...

7.5CVSS7.2AI score0.02341EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in HAPProxy

In HAProxy versions 2.2 through 3.1.6, under certain unusual configurations, there is a heap-based buffer overflow due to improper handling of replacing multiple short patterns with a longer one...

6.8CVSS6.6AI score0.00688EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 1:28 p.m.5 views

CLEANSTART-2026-AW97162 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33814, ghsa-mh2q-q3fh-2475 applied in versions: 0.15.1-r0, 0.15.4-r0, 0.15.4-r1

Multiple security vulnerabilities affect the haproxy-ingress package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7AI score0.00781EPSS
Exploits1References14
OSV
OSV
added 2026/05/18 1:27 p.m.12 views

CLEANSTART-2026-RK40393 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33814 applied in versions: 0.15.1-r0, 0.16.1-r0

Multiple security vulnerabilities affect the haproxy-ingress package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7AI score0.00781EPSS
Exploits1References13
OSV
OSV
added 2026/05/16 11:54 p.m.15 views

MGASA-2026-0146 Updated haproxy packages fix security vulnerability

The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be used for request smuggling. CVE-2026-33555...

5.8CVSS5.8AI score0.00297EPSS
Exploits1References3
Mageia
Mageia
added 2026/05/16 11:54 p.m.21 views

Updated haproxy packages fix security vulnerability

The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be used for request smuggling. CVE-2026-33555...

5.8CVSS5.8AI score0.00297EPSS
Exploits1References2
Rows per page
Query Builder