CVE-2025-6714
CVE-2025-6714 describes an issue where MongoDB Server’s mongos can become unresponsive to new connections when handling incomplete data in load-balanced sharded clusters (HAProxy on specified ports). Affected versions are MongoDB Server v6.0 before 6.0.23, v7.0 before 7.0.20, and v8.0 before 8.0....
PT-2025-28180
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions 6.0 prior to 6.0.23; MongoDB Server versions 7.0 prior to 7.0.20; MongoDB Server versions 8.0 prior to 8.0.9. Description: The issue affects MongoDB Server's mongos component, causing it to become unresponsive to new...
TencentOS Server 4: haproxy (TSSA-2024:1038)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1038 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
TencentOS Server 4: haproxy (TSSA-2024:0826)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0826 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
TencentOS Server 3: haproxy (TSSA-2022:0043)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0043 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
The vulnerability of the sample_conv_regsub function in server-side HAProxy software arises from incorrect comparisons using erroneous factors, allowing attackers to compromise the accessibility of protected information.
The vulnerability of the sample_conv_regsub function in HAProxy-related software is related to incorrect comparisons when error factors are used. Exploiting this vulnerability can allow a malicious actor to compromise the accessibility of protected information...
haproxy-3.2.0+git0.e134140d2-2.1 on GA media (moderate)
haproxy-3.2.0+git0.e134140d2-2.1 on GA media. Announcement ID: openSUSE-SU-2025:15200-1. Rating: moderate. Cross-References: CVE-2025-32464. CVSS scores: CVE-2025-32464 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H; CVE-2025-32464 (SUSE): 6...
OPENSUSE-SU-2025:15200-1 haproxy-3.2.0+git0.e134140d2-2.1 on GA media
These are all security issues fixed in the haproxy-3.2.0+git0.e134140d2-2.1 package on the GA media of openSUSE Tumbleweed...
VulnCheck KEV: CVE-2022-31161
Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch...
Fedora: Security Advisory (FEDORA-2024-bd2368f66a)
The remote host is missing an update for the...
CVE-2020-35195
The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. Systems using the haproxy docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password...
CVE-2019-14243
headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service webserver panic and daemon crash via a crafted HAProxy PROXY v2 request with truncated source/destinatio...
The vulnerability of programming tools for balancing and managing connections in Pgpool-II and HAProxy for PostgreSQL databases lies in their insecure resource initialization, which allows attackers to gain unauthorized access to the database.
The vulnerabilities of the Pgpool-II and HAProxy software for PostgreSQL databases in terms of connection balancing and management involve insecure resource initialization. Exploiting these vulnerabilities can allow an attacker, operating remotely, to gain unauthorized access to the database with...
Alibaba Cloud Linux 3 : 0043: haproxy (ALINUX3-SA-2022:0043)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0043 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-11100: In hpack_dht_insert in hpack-tbl.c in...
Alibaba Cloud Linux 3 : 0104: haproxy (ALINUX3-SA-2024:0104)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0104 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-40225: HAProxy through 2.0.32,...
Alibaba Cloud Linux 3 : 0053: haproxy (ALINUX3-SA-2024:0053)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0053 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-0056: An uncontrolled resource...
SUSE CVE-2025-46728
cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...
ROS-20250430-13
The HAProxy server software vulnerability is related to bounds errors in the regsub function in src/sample.c. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Mageia: Security Advisory (MGASA-2025-0138)
The remote host is missing an update for the...
Updated haproxy packages fix security vulnerability
BUG/MEDIUM: sample: fix risk of overflow when replacing multiple regex back-refs. Aleandro Prudenzano of Doyensec and Edoardo Geraci of Codean Labs reported a bug in sample_conv_regsub, which can cause replacements of multiple back-references to overflow the temporary trash buffer. The problem happen...