CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2023/04/03 1:9 p.m.•0 views

USN-5994-1 haproxy vulnerability

It was discovered that HAProxy incorrectly initialized certain connection buffers. A remote attacker could possibly use this issue to obtain sensitive information...

7.5CVSS5.8AI score0.00006EPSS

Ubuntu•added 2023/04/03 1:9 p.m.•61 views

USN-5994-1: HAProxy vulnerability

It was discovered that HAProxy incorrectly initialized certain connection buffers. A remote attacker could possibly use this issue to obtain sensitive information...

7.5CVSS7.2AI score0.00006EPSS

Exploits0

Tenable Nessus•added 2023/04/03 12:0 a.m.•27 views

Ubuntu 22.04 LTS : HAProxy vulnerability (USN-5994-1)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5994-1 advisory. It was discovered that HAProxy incorrectly initialized certain connection buffers. A remote attacker could possibly use this issue to obtain sensitive information...

7.5CVSS7.3AI score0.00006EPSS

Japan Vulnerability Notes•added 2023/03/31 6:54 a.m.•3 views

HAProxy vulnerable to HTTP request/response smuggling

Overview HAProxy's HTTP/3 implementation fails to block a malformed HTTP header field name, and when deployed in front of a server that incorrectly process this malformed header, it may be used to conduct an HTTP request/response smuggling attack CWE-444. Yuki Mogi of FFRI Security, Inc. reported...

7.3CVSS6.6AI score0.00075EPSS

Exploits0References6

CNNVD•added 2023/03/31 12:0 a.m.•3 views

HAProxy 环境问题漏洞

Haproxy HAProxy is an open source TCP/HTTP load balancing server from the French company Haproxy. The server provides 4-layer and 7-layer proxy and can support tens of thousands of levels of connections , with high efficiency , stability and other characteristics . A security vulnerability exists...

7.3CVSS6.5AI score0.00075EPSS

Exploits0References7

Japan Vulnerability Notes•added 2023/03/31 12:0 a.m.•51 views

JVN#38170084: HAProxy vulnerable to HTTP request/response smuggling

HAProxy's HTTP/3 implementation fails to block a malformed HTTP header field name, and when deployed in front of a server that incorrectly process this malformed header, it may be used to conduct an HTTP request/response smuggling attack CWE-444. Impact A remote attacker may alter a legitimate...

7.3CVSS7.1AI score0.00075EPSS

Exploits0

Tenable Nessus•added 2023/03/30 12:0 a.m.•32 views

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 8 (RHSA-2023:1513)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1513 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

9.8CVSS8AI score0.93849EPSS

Exploits10References44

Tenable Nessus•added 2023/03/30 12:0 a.m.•40 views

RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 9 (RHSA-2023:1514)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1514 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

9.8CVSS8AI score0.93849EPSS

Exploits10References44

Tenable Nessus•added 2023/03/30 12:0 a.m.•100 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 7 (RHSA-2023:1512)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1512 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

9.8CVSS8AI score0.93849EPSS

Exploits10References44

OSV•added 2023/03/29 9:15 p.m.•1 views

DEBIAN-CVE-2023-0836

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGIBEGINREQUEST record. Sensitive data may be disclos...

7.5CVSS7.4AI score0.00006EPSS

Exploits0References1

NVD•added 2023/03/29 9:15 p.m.•15 views

CVE-2023-0836

7.5CVSS7.4AI score0.00006EPSS

OSV•added 2023/03/29 9:15 p.m.•5 views

CVE-2023-0836

7.5CVSS7.3AI score

Prion•added 2023/03/29 9:15 p.m.•26 views

Information disclosure

5CVSS7.2AI score0.00006EPSS

Exploits0References2Affected Software1

RedHat Linux•added 2023/03/29 11:45 a.m.•2 views

codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS

A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service DoS...

RedHat Linux•added 2023/03/29 11:44 a.m.•3 views

codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS

RedHat Linux•added 2023/03/29 11:44 a.m.•86 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 7 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.8CVSS7.2AI score0.93849EPSS

Exploits10References33

RedHat Linux•added 2023/03/29 11:44 a.m.•2 views

codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS

RedHat Linux•added 2023/03/29 11:43 a.m.•3 views

codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS