Moderate: Red Hat Security Advisory: haproxy security and bug fix update

An update for haproxy is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

RHEL 9 : haproxy (RHSA-2023:6496)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6496 advisory. The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy: data le...

ALSA-2023:6496 Moderate: haproxy security and bug fix update

The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy: data leak via fcgi requests CVE-2023-0836 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relate...

Moderate: haproxy security and bug fix update

The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy: data leak via fcgi requests CVE-2023-0836 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relate...

Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2023-3031)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2023-3008)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: flux, kubeflow-katib, terraform-provider-sendgrid-fips, tkn, caddy, kube-state-metrics-fips, crossplane-provider-aws, kubernetes-csi-external-provisioner, minio, vertical-pod-autoscaler, prometheus-elasticsearch-exporter, bom, pulumi, kubevela, gitness,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: flux, kubeflow-katib, terraform-provider-sendgrid-fips, tkn, caddy, kube-state-metrics-fips, crossplane-provider-aws, kubernetes-csi-external-provisioner, minio, vertical-pod-autoscaler, prometheus-elasticsearch-exporter, bom, pulumi, kubevela, gitness,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: kind, kaf, terraform, prometheus-blackbox-exporter, certificate-transparency, terraform-provider-aws, buildkitd, rqlite, amass, gke-gcloud-auth-plugin, flux-notification-controller, gomplate, secrets-store-csi-driver-provider-gcp, pulumi, hugo,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: kubeflow-katib, terraform-provider-sendgrid-fips, terraform-provider-azurerm, minio, prometheus-elasticsearch-exporter, bom, pulumi, kubevela, gitness, flux-source-controller, helm, secrets-store-csi-driver, metrics-server-fips, prometheus-blackbox-exporter,...

CVE-2023-44487

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: kubeflow-katib, terraform-provider-sendgrid-fips, terraform-provider-azurerm, minio, prometheus-elasticsearch-exporter, bom, pulumi, kubevela, gitness, flux-source-controller, helm, secrets-store-csi-driver, metrics-server-fips, prometheus-blackbox-exporter,...

Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2023-2897)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2023-2878)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: haproxy2

Issue Overview: HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and...

Medium: haproxy2

Issue Overview: HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind...

Medium: haproxy2

Issue Overview: A flaw was found in haproxy. An input validation flaw when processing HTTP/2 requests causes haproxy to not ensure that the scheme and path portions of a URI have the expected characters. This may cause specially crafted input to bypass implemented security restrictions. The highe...

Oracle Linux 8 : haproxy (ELSA-2020-1725)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-1725 advisory. - Fix hapack zero byte input causing overwrite CVE-2020-11100, 1819519 Tenable has extracted the preceding description block directly from the Oracle...

Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2023-2687)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2023-2645)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...