601 matches found

OSV
added 2023/12/08 11:6 a.m. · 2 views

OESA-2023-1886 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: An information lea...

CVSS 8.2 · AI score 7.2 · EPSS 0.00027
Exploits: 0 · References: 3

Positive Technologies
added 2023/11/21 12:0 a.m. · 2 views

PT-2023-9787 · Openbsd · Openbsd +1

Name of the Vulnerable Software and Affected Versions: OpenBSD versions 7.3 through 7.4 before errata 006 and 7.3 before errata 020; OpenBSD version 7.3 before errata 020. Description: The issue is related to a NULL dereference when handling a malformed fastcgi request in the httpd(8) service. This c...

CVSS 8.7 · AI score 7.2 · EPSS 0.00219
Exploits: 0 · References: 9

RedHat Linux
added 2023/11/07 8:18 a.m. · 2 views

haproxy: data leak via fcgi requests

A flaw was found in HAProxy, which could allow a remote attacker to obtain sensitive information caused by improper initialization when encoding the FCGI_BEGIN_REQUEST record. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and us...

CVSS 7.5 · AI score 5.8 · EPSS 0.00006
Exploits: 0 · References: 5

Amazon
added 2023/09/25 12:0 a.m. · 1 views

Important: haproxy2

Issue Overview: An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able to read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer,...

CVSS 7.5 · AI score 7 · EPSS 0.00032
Exploits: 0

Positive Technologies
added 2023/09/14 12:0 a.m. · 6 views

PT-2023-9272 · Eclipse +4 · Eclipse Jetty +4

Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions prior to 9.4.52; Eclipse Jetty versions prior to 10.0.16; Eclipse Jetty versions prior to 11.0.16; Eclipse Jetty versions prior to 12.0.0-beta2. Description: The issue is related to the formation of a command line that...

CVSS 9.8 · AI score 7.2 · EPSS 0.9439
Exploits: 32 · References: 116

OpenVAS
added 2023/09/05 12:0 a.m. · 22 views

Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2023-2645)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 · AI score 7.7 · EPSS 0.00006
Exploits: 0 · References: 2

GithubExploit
added 2023/05/06 4:51 p.m. · 527 views

Exploit for Out-of-bounds Write in Fastweb Fastgate_Vdsl2_Dga4131Fwb_Firmware

Fastweb FastGate 'cmproxy' buffer overflow CVE-2022-30114...

CVSS 7.5 · AI score 8.2 · EPSS 0.16555
Exploits: 2

NVD
added 2023/03/29 9:15 p.m. · 15 views

CVE-2023-0836

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclos...

CVSS 7.5 · AI score 7.4 · EPSS 0.00006
Exploits: 0 · References: 2

OSV
added 2023/03/29 9:15 p.m. · 1 views

DEBIAN-CVE-2023-0836

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclos...

CVSS 7.5 · AI score 7.4 · EPSS 0.00006
Exploits: 0 · References: 1

OSV
added 2023/03/29 9:15 p.m. · 6 views

CVE-2023-0836

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclos...

CVSS 7.5 · AI score 7.3
Exploits: 0 · References: 2

Prion
added 2023/03/29 9:15 p.m. · 28 views

Information disclosure

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclos...

CVSS 5 · AI score 7.2 · EPSS 0.00006
Exploits: 0 · References: 2 · Affected Software: 1

Debian CVE
added 2023/03/29 12:0 a.m. · 27 views

CVE-2023-0836

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclos...

CVSS 7.5 · AI score 7.5 · EPSS 0.00006
Exploits: 0

Cvelist
added 2023/03/29 12:0 a.m. · 22 views

CVE-2023-0836

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclos...

AI score 7.6 · EPSS 0.00006
Exploits: 0 · References: 2

Vulnrichment
added 2023/03/29 12:0 a.m. · 11 views

CVE-2023-0836

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclos...

AI score 6.5 · EPSS 0.00006
Exploits: 0 · References: 2

CVE
added 2023/03/29 12:0 a.m. · 193 views

CVE-2023-0836

CVE-2023-0836 is an information-leak in HAProxy. The vulnerability affects HAProxy releases up to: 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, and 2.7 before 2.7.1, where 5 bytes remain uninitialized in the connection buffer when encoding the FCGI_BEGIN_RE...

CVSS 7.5 · AI score 7.2 · EPSS 0.00006
Exploits: 0 · References: 2 · Affected Software: 1

UbuntuCve
added 2023/03/27 12:0 a.m. · 20 views

CVE-2023-0836

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclos...

CVSS 7.5 · AI score 7.1 · EPSS 0.00006
Exploits: 0 · References: 2

OSV
added 2023/03/27 12:0 a.m. · 1 views

UBUNTU-CVE-2023-0836

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclos...

CVSS 7.5 · AI score 5.9 · EPSS 0.00006
Exploits: 0 · References: 3

SUSE CVE
added 2023/03/23 4:10 a.m. · 2 views

SUSE CVE-2023-0836

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclos...

CVSS 5.9 · AI score 7 · EPSS 0.00006
Exploits: 0 · References: 3

F5 Networks
added 2023/02/21 7:45 p.m. · 34 views

K15322: PHP vulnerability CVE-2014-0185

Security Advisory Description: sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client. (CVE-2014-0185) Impact: None. No F5 products are...

CVSS 7.2 · AI score 8.5 · EPSS 0.00109
Exploits: 1

SUSE CVE
added 2023/02/15 6:11 a.m. · 0 views

SUSE CVE-2007-3950

lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav modules...

CVSS 4.3 · AI score 6.8 · EPSS 0.02157
Exploits: 0 · References: 4