CVE-2019-14241
A flaw was found in HAProxy versions 2.0.0 through 2.0.2 and 1.9.0 through 1.9.8. An attacker can cause a denial of service via vectors related to htx_manage_client_side_cookies in proto_htx.c. The highest threat from this vulnerability is to system availability...
CVE-2018-20102
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able to read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing...
CVE-2018-20103
An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion...
PHSA-2020-2.0-0227
An update of 'libtiff', 'python2', 'bubblewrap', 'postgresql', 'yarn', 'libgcrypt', 'haproxy' packages of Photon OS has been released...
Ubuntu: Security Advisory (USN-4321-1)
The remote host is missing an update for the...
Important Photon OS Security Update - PHSA-2020-3.0-0078
Updates of 'python3', 'libvirt', 'python2', 'bubblewrap', 'haproxy', 'libtiff', 'yarn', 'ansible' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2020-0227
Updates of 'haproxy', 'yarn', 'libgcrypt', 'python2', 'libtiff', 'postgresql', 'bubblewrap' packages of Photon OS have been released...
[ASA-202004-7] haproxy: arbitrary code execution
Arch Linux Security Advisory ASA-202004-7. Severity: Critical. Date: 2020-04-08. CVE-ID: CVE-2020-11100. Package: haproxy. Type: arbitrary code execution. Remote: Yes. Link: https://security.archlinux.org/AVG-1124. Summary: The package haproxy before...
Important Photon OS Security Update - PHSA-2020-0078
Updates of 'bubblewrap', 'python3', 'python2', 'haproxy', 'yarn', 'ansible', 'libtiff', 'libvirt' packages of Photon OS have been released...
Ubuntu 18.04 LTS : HAProxy vulnerability (USN-4321-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4321-1 advisory. Felix Wilhelm discovered that HAProxy incorrectly handled certain HTTP/2 requests. An attacker could possibly use this to execute arbitrary code. Tenable has...
Critical: Red Hat Security Advisory: OpenShift Container Platform 3.11 security update
Red Hat OpenShift Container Platform release 3.11.200 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes
A flaw was found in the way HAProxy processed certain HTTP/2 request packets. This flaw allows an attacker to send crafted HTTP/2 request packets, which cause memory corruption, leading to a crash or potential remote arbitrary code execution with the permissions of the user running HAProxy...
haproxy: HTTP request smuggling issue with transfer-encoding header containing an obfuscated "chunked" value
A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request...
haproxy: HTTP/2 implementation vulnerable to intermediary encapsulation attacks
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks...
USN-4321-1 haproxy vulnerability
Felix Wilhelm discovered that HAProxy incorrectly handled certain HTTP/2 requests. An attacker could possibly use this to execute arbitrary code...
USN-4321-1: HAProxy vulnerability
Felix Wilhelm discovered that HAProxy incorrectly handled certain HTTP/2 requests. An attacker could possibly use this to execute arbitrary code...
CVE-2020-1760
A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input. Mitigation provided by DigitalOcean: Mitigation relies on the HAProx...
Oracle Linux 8 : haproxy (ELSA-2020-1288)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-1288 advisory. - Fix hapack zero byte input causing overwrite (CVE-2020-11100, 1819518). Tenable has extracted the preceding description block directly from the Oracle Linux...
openSUSE Security Update : haproxy (openSUSE-2020-444)
This update for haproxy fixes the following issues: - CVE-2020-11100: Fixed an H2/HPACK vulnerability which might have allowed arbitrary writes into a 32-bit relative address space (bsc#1168023). This update was imported from the SUSE:SLE-15-SP1:Update update project...
openSUSE: Security Advisory for haproxy (openSUSE-SU-2020:0444-1)
The remote host is missing an update for the...