Lucene search
K

2057 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.4 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : HAProxy vulnerabilities (USN-8459-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8459-1 advisory. It was discovered that HAProxy incorrectly handled the FCGI demultiplexer record length field. A remote attacker could...

9.1CVSS5.9AI score0.00431EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 12:0 a.m.2 views

OPENSUSE-SU-2026:11090-1 haproxy-3.4.0+git31.fc300e9f2-1.1 on GA media

These are all security issues fixed in the haproxy-3.4.0+git31.fc300e9f2-1.1 package on the GA media of openSUSE Tumbleweed...

9.1CVSS5.9AI score0.00431EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/20 2:28 a.m.10 views

SUSE CVE-2026-55203

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...

5.6CVSS6.1AI score0.00321EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/20 2:28 a.m.10 views

SUSE CVE-2026-55204

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

7.5CVSS5.9AI score0.00431EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-55203

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as...

9.1CVSS6AI score0.00321EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-55204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validat...

8.7CVSS5.8AI score0.00431EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in HAPProxy

There is an integer overflow in HAProxy versions 2.0 to 2.5, specifically in the htxaddheader function, which can be exploited to perform an HTTP request smuggling attack. This allows an attacker to bypass all configured http-request HAProxy Access Control Lists and possibly other access control...

7.5CVSS7.9AI score0.56083EPSS
Exploits5References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in HAPProxy

Before version 2.7.3, HAProxy might allow a bypass of access control mechanisms, as HTTP/1 headers were inadvertently lost in certain situations, also known as “request smuggling.” The HTTP header parsers in HAProxy might accept empty header field names, which could be used to omit the list of HT...

9.1CVSS7.5AI score0.05493EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in HAPProxy

A vulnerability related to uncontrolled resource consumption was discovered in HAProxy, which could cause the service to crash. This issue could allow an authenticated remote attacker to run a specially crafted malicious server within an OpenShift cluster. The most significant impact is related t...

6.5CVSS6.5AI score0.01834EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in HAPProxy

Before version 2.8.2, HAProxy allowed to be part of the URI component. This could allow remote attackers to obtain sensitive information or cause unspecified other issues due to misinterpretation of the pathend rule, such as routing index.html.png to a static server...

8.2CVSS6.8AI score0.01526EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in HAPProxy

A flaw was discovered in the way HAProxy processed HTTP responses containing the “Set-Cookie2” header. This flaw could allow an attacker to send crafted HTTP response packets, leading to an infinite loop and ultimately causing a denial-of-service condition. The most significant threat from this...

7.5CVSS7.1AI score0.1619EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in HAPProxy

A vulnerability related to information leaks was discovered in HAProxy versions 2.1, 2.2 before 2.2.27, 2.3, and 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, and 2.7 before 2.7.1. There are 5 bytes that are not initialized in the connection buffer when encoding the FCGIBEGINREQUEST...

7.5CVSS7.1AI score0.01201EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in HAPProxy

The vulnerability in the src/cfgparse.c component of the HAProxy server software is related to pointer dereferencing errors. Exploiting this vulnerability allows an attacker to cause service failures...

6.2CVSS5.5AI score
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in HAPProxy

The vulnerability in the src/cfgparse.c component of the HAProxy server software is related to pointer dereferencing errors. Exploiting this vulnerability allows an attacker to cause service failures...

6.2CVSS5.5AI score
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in HAPProxy

In HAProxy versions 2.2 through 3.1.6, under certain unusual configurations, there is a heap-based buffer overflow due to improper handling of replacing multiple short patterns with a longer one...

6.8CVSS6.6AI score0.00688EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in HAPProxy

A issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. This issue can lead to a situation where the HTTP Host header is controlled by an attacker, due to a mismatch between the Host field and its corresponding authority value being mishandled...

7.5CVSS7.2AI score0.02341EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 12:0 a.m.4 views

UBUNTU-CVE-2026-55203

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...

9.1CVSS6.1AI score0.00321EPSS
Exploits0References3
OSV
OSV
added 2026/06/19 12:0 a.m.5 views

UBUNTU-CVE-2026-55204

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

8.7CVSS5.9AI score0.00431EPSS
Exploits0References3
NVD
NVD
added 2026/06/18 5:16 p.m.11 views

CVE-2026-55204

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

8.7CVSS0.00431EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 4:5 p.m.9 views

EUVD-2026-37906

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

8.7CVSS5.3AI score0.00431EPSS
Exploits0References2
Rows per page
Query Builder