22 matches found
Alibaba Cloud Linux 3 : 0053: haproxy (ALINUX3-SA-2024:0053)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0053 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-0056: An uncontrolled resource...
Advisory ROSA-SA-2024-2400
Software: haproxy 2.6.15 OS: ROSA-CHROME packageevrstring: haproxy-2.6.15-1.src.rpm CVE-ID: CVE-2023-0836 BDU-ID: 2023-04833 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HAProxy server software is related to incomplete cleanup of temporary or auxiliary resources. Exploitation of the...
CentOS 9 : haproxy-2.4.22-1.el9
The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the haproxy-2.4.22-1.el9 build changelog. - An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8,...
EulerOS 2.0 SP11 : haproxy (EulerOS-SA-2023-2645)
According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8,...
OESA-2023-1919 haproxy security update
HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: An information lea...
Oracle Linux 9 : haproxy (ELSA-2023-6496)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-6496 advisory. 2.4.22-1 - Update to 2.4.22 2196530 2.4.17-7 - Fix uninitizalized resevered bytes CVE-2023-0836, 2180861 Tenable has extracted the preceding description block...
haproxy security and bug fix update
2.4.22-1 - Update to 2.4.22 2196530 2.4.17-7 - Fix uninitizalized resevered bytes CVE-2023-0836, 2180861...
Moderate: Red Hat Security Advisory: haproxy security and bug fix update
An update for haproxy is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
ALSA-2023:6496 Moderate: haproxy security and bug fix update
The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy: data leak via fcgi requests CVE-2023-0836 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relate...
Moderate: haproxy security and bug fix update
The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy: data leak via fcgi requests CVE-2023-0836 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relate...
Amazon Linux 2 : haproxy2 (ALASHAPROXY2-2023-002)
The version of haproxy2 installed on the remote host is prior to 2.2.17-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2HAPROXY2-2023-002 advisory. An out-of-bounds read in dnsvalidatednsresponse in dns.c was discovered in HAProxy through 1.8.14. Due to a missi...
Important: haproxy2
Issue Overview: An out-of-bounds read in dnsvalidatednsresponse in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer,...
Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2023-2645)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2023-2687)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-5388-1 : haproxy - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5388 advisory. It was reported that HAProxy, a fast and reliable load balancing reverse proxy, does not properly initialize connection buffers when encoding the FCGIBEGINREQUEST record. ...
Debian: Security Advisory (DSA-5388-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 5388-1] haproxy security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5388-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2023 https://www.debian.org/security/faq -...
Ubuntu 22.04 LTS : HAProxy vulnerability (USN-5994-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5994-1 advisory. It was discovered that HAProxy incorrectly initialized certain connection buffers. A remote attacker could possibly use this issue to obtain sensitive information...
CVE-2023-0836
An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGIBEGINREQUEST record. Sensitive data may be disclos...
CVE-2023-0836
CVE-2023-0836 is an information-leak in HAProxy. The vulnerability affects HAProxy releases up to: 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, and 2.7 before 2.7.1, where 5 bytes remain uninitialized in the connection buffer when encoding the FCGI_BEGIN_RE...